“This is a significant breach of consumers’ expectations of privacy,” said EPIC executive director Marc Rotenberg, in a statement. “Google should not be allowed to push users’ personal information into a social network they never requested.”
When Google launched Buzz, users looking at the services were automatically listed as “following” posts from people with whom they regularly exchanged email. Participating in Buzz also created a public profile for a user that offered a public list of a user’s contacts. Effectively, Buzz published a list of names that represented a users’ most common email contacts.
EPIC argues that leveraging previously-private email address book contacts to compile a social network violates users’ privacy expectations, Google’s own terms of service, and constitute unfair and deceptive trade practices. According to EPIC’s complaint, the organization wants Google to make Buzz a fully opt-in-only service, and fully disclose that profiles and connections would be accessible to everyone. EPIC also argues a user’s personal address book—data which users have not consented to have published—should not be used as the basis for forming connections on Google Buzz.
Google has been drawing increasing criticism for retaining sensitive data about its users and overly sharing that data with the broader world. Although some users of the broader social Internet are clearly fine with that—Facebook’s Mark Zuckerberg has declared online privacy is not a social norm—there are also clearly instances where automatic collection and sharing of information from things like address books can cause material harm. As one anonymous blogger “Harriet Jacobs” wrote in response to Google Buzz: “I use my private Gmail account to email my boyfriend and my mother. There’s a BIG drop-off between them and my other ‘most frequent’ contacts. You know who my third most frequent contact is? My abusive ex-husband.”