Google Glass privacy questioned by six countries and the EU

The camera carrying, audio recording, internet capable spectacles being developed by Google and currently in beta testing raise numerous privacy questions that need to be addressed, suggests Stoddart in an open letter to Google's CEO Larry Page. The letter points out that data protection authorities have "long emphasized the need for organizations to build privacy into the development of products and services before they are launched", but adds that "most of the data protection authorities listed below have not been approached by your company to discuss any of these issues in detail."

The data protection authorities involved come from Canada, Australia, New Zealand, Mexico, Israel, and Switzerland, and also include Europe's Article 29 Working Party representing every one of the EU's member states (the same group that has six members currently involved in enforcement action over Google's privacy policy, which it believes contravenes European law).

Google Glass is seen by some as a two-way constant video extension to the smartphone. The difference is that Glass is less overt - when the user wishes to film or photograph, he or she doesn't have to visibly point the phone at the target but merely look at it. This raises concerns about the potential for ubiquitous covert surveillance - something that Noam Chomsky described on GritTV as "a dream that Orwell couldn't have concocted."

Indeed, one of Stoddart's questions raises, obliquely, this same point: "Is Google doing anything about the broader social and ethical issues raised by such a product, for example, the surreptitious collection of information about other individuals?"

This letter follows a similar and earlier request for information from eight US members of Congress. But while Congress asked specific questions (such as, "Can a non-user or human subject opt out of this collection of personal data?”), the data protection authorities are asking more principle-based questions. Examples include, "What are the privacy safeguards Google and application developers are putting in place?"; and "Has Google undertaken any privacy risk assessment the outcomes of which it would be willing to share?"

These questions cannot easily be answered by a letter from Google; and indeed the entire message seems designed to get Google to sit down and discuss the issues at length. While it concludes with the traditional 'we look forward to responses', it adds "and to a meeting to discuss the privacy issues raised by Google Glass." It is about as polite as an informal 'summons' can be: the very first question is "How does Google Glass comply with data protection laws?" In the final analysis, it is the signatories to this letter that will decide whether Google Glass does or does not comply with data protection laws in their respective jurisdictions.

What’s Hot on Infosecurity Magazine?