Google launched its newest social networking service Buzz last week and immediately set users around the globe talking.
Buzz sits inside Google's email service Gmail and enables users to mini-blog, "follow" other users, post real-time updates as they do for Facebook and Twitter, and share multimedia. Among its many features, the unseen consequences for individual privacy saw Google drawing flak from users and privacy advocates.
Trusted circle of friends
When you first enter Google Buzz, to make the startup experience easier, we may automatically select people for you to follow based on the people you email and chat with most. Similarly, we may also suggest to others that they automatically follow you.
The first issue with this feature is that it does not rely on your explicit consent or authorisation to grant access to others - unlike Facebook for example. With Facebook, anyone wishing to become your friend must first send a friend request, which you may choose to accept or ignore. However, in Buzz you do have the option to review the people following you and choose to block them, or "unfollow" them - the online equivalent of slamming the door in their face. The Facebook "opt in" approach mirrors New Zealand's approach to receiving spam emails under the Unsolicited Electronic Messages Act 2007 – whereas Buzz takes the "opt out" approach common in the US.
Personal information and the Privacy Act 1993
A second issue to consider is what Google does with the personal information that you hold about others. Under New Zealand's Privacy Act 1993, personal information is "information about an identifiable individual", including their name. The Privacy Act (and its 12 Information Privacy Principles) regulates the collection, use, storage and disclosure of personal information by an "agency" – which includes any person. You may not know it, but your obligations under the Privacy Act may extend to your use of Buzz. Under the Privacy Act, any individual can be an "agency" for the purposes of collecting personal information.
By automatically selecting a group of your most frequent contacts, Buzz aggregates the personal information that you hold about others (i.e., their name) into an easily accessible contact network. This can create problems if a person who automatically shows up in your circle of friends didn't give you their email address for the purpose of others contacting them – only for you to contact them.
This has implications if your business or organisation uses Gmail as its primary form of communication. If you've collected a customer's email address for the purposes of work communication, having them show up automatically in your Buzz circle of friends could technically be a disclosure - in breach of the Privacy Act.
State sector implications
State sector Gmail users should consider Buzz's default security setting in the context of the State Services Commission's recent guidance "Principles for interaction with social media". This guidance accompanies the Standards of Integrity and Conduct for State servants, and clarifies the rights and obligations of State servants using social media like Facebook or Buzz. It advises State servants that they "should only disclose information, make commitments or engage in activities when authorised to do so".
Alternatively, you can simply opt out of using Buzz but maybe that wouldn't be any fun at all.