Building privacy into products
Thursday, August 6, 2009
Imagine that a friend took a photo of you at a wild party last weekend and posted it on a social-networking site. What one person considers to be harmless fodder for wide consumption can be highly embarrassing to someone else. Because the notion of what's public and what's private differs from individual to individual, it can be challenging for tech companies to figure out how to create products that offer good privacy protections for their users. This challenge is something we think about and discuss at Google every day, and now two of my fellow Googlers are sharing their thoughts on the matter.
Our Canada Policy Counsel Jacob Glick wrote an op-ed in yesterday's National Post arguing that privacy is best protected by good product design. Two examples he gives are Google Street View, in which facial- and license-plate-blurring technology is built into the product, and YouTube, which allows users to choose whether to show their uploaded videos to the entire public or restrict them to a smaller group of friends.
Meanwhile, in the July/August 2009 issue of IEEE Security & Privacy magazine, Google Policy Analyst Betsy Masiello has published an article titled "Deconstructing the Privacy Experience," in which she looks at the challenge of giving users meaningful information and controls:
"We've long focused on transparency and choice as the pillars on which privacy rests because together they enable informed consent to data collection. On their own, however, transparency and choice say nothing about creating a usable privacy experience. Enabling informed consent to data collection isn't enough; product designers must aspire to this and more: enable informed consent without burdening user experience."
You can download a PDF of the entire three-page article here. Both Betsy's article and Jacob's op-ed are great reads; check them out.
I would like to preface my comment by saying that I do use and like a number of Google products and services. I also agree with you that privacy must be built into the design of the product from the beginning. However, I have to strongly disagree with you that Google Street View is a good model of privacy.
I was looking at it recently of the old street I lived on and there was my neighbor standing on his lawn, beer gut and all, with his dog and watering his lawn. Was his face blurry? Sort of, but not really.
An effective privacy policy is not making people find out on their own if Google surveillance vehicles are snapping photos of them, their homes, kids, and dogs in the yard, and what cars they drive.
In my own case, Google for weeks or months incorrectly identified a commercial plumbing business at my home address which required three requests for removal before it was deleted.
Instead of opting out after the fact when you stumble across it by chance, and then going through several requests to delete, when it comes to residential neighborhoods and properties Google needs to come up with a better design of opting in and not opting out.