New Jersey is leading the way again. Grayson Barber has shared a draft letter that the New Jersey Library Association is working on, to submit to the FTC regarding reader privacy and Google. See https://epic.org/fixgoogleprivacy/
Time is of the essence, so they graciously agreed to let me share the draft so that other library groups can use it as a start to writing their own. Please share widely. DEADLINE to submit comments (informal, individuals, associations, formal, any) is MAY 2
N J L A L E T T E R H E A D
Federal Trade Commission
Office of the Secretary, Room H-113 (Annex D)
600 Pennsylvania Avenue, NW
Washington, DC 20580
Re: Google Buzz, File No.1023136
To the FTC:
The New Jersey Library Association submits this comment on the proposed consent order, In the Matter of Google Inc., File No. 1023136, between the FTC and Google. The consent order comes as a result of the complaint filed by the Electronic Privacy Information Center ("EPIC") regarding the privacy breach to Gmail users caused by Google Buzz.
The FTC complaint alleges that Google employed unfair and deceptive practices when it launched the Google Buzz social networking service.
The NJLA strongly supports the FTC settlement agreement, which applies to all Google products and services, including Gmail and Google Buzz. It bans Google from misrepresenting its privacy policies in the future, requires independent privacy audits every two-years for the next 20 years, and requires that Google institute a comprehensive privacy program to safeguard its users’ data and personal information.
NJLA’s interest in the settlement pertains to the rights of individuals to read anonymously. Reader privacy is an important component of intellectual freedom. In our experience, readers who visit websites and use Google have a reasonable expectation of privacy. That is to say, they believe they are anonymous. They are entitled to hold this belief, and should not be deceived by unfair practices that track their Internet use.
As part of the Comprehensive Privacy Program, the FTC should require Google to:
- Limit data retention to the minimum time necessary
- Establish user privacy provisions for Google Books
- Treat IP addresses as personally identifiable: they should be protected, not routinely collected
- Routinely encrypt all cloud-based services (Gmail, Docs, etc.)
- Not disclose user data to law enforcement without a warrant
- Allow users to use Google services anonymously
- Stop behavioral profiling of Internet users
- Limit Google's use of a web site's Analytics data
- Not require Google Accounts for Android phones
- Not track Android users without explicit permission
- Be transparent as to what data it collects on users
- Allow users to control the information Google collects on them
- Encrypt all Gmail to Gmail emails and chats using open standards like pgp
- Refrain from offering facial recognition services
The same requirements should apply to Google’s competitors as well.
Thank you for the opportunity to comment on the Google Buzz settlement.
Very truly yours,