Privacy by design, privacy by default

Well, the online reactions to Google’s Buzz innovation (“organising the world’s address books and making them visible”?) continue. Among others –

Sharon Machlis gives some specific examples of why it’s a bad idea to treat email as if it were the same as other ‘networked interaction’ tools;

Harriet Jacobs gives a crucial perspective on the dangers of promiscuous data-sharing (warning: contains lively language and references to sexual violence);

Tom Krazit provides an update on some of Google’s first tweaks in reaction to the negative feedback.

So it’s not that Google is doing nothing. However, I still haven’t seen the most important change – namely, from “default opt-in by presumption” to a proper, explicit opt-in based on informed consent.

I blogged a couple of months ago in response to Eric Schmidt’s ill-chosen words on privacy, and noted that they came particularly badly from the CEO of a company with such global reach and power, and the ability to have such a fundamental effect on individuals’ privacy.

I would say the same thing about the Buzz implementation. It is extremely unhealthy for the online eco-system as a whole (users, service providers, developers and so on) if a stakeholder such as Google demonstrates a willingness to ignore privacy fundamentals such as informed consent, explicit opt-in, and ‘opt-out by default’.

Please, Google: you’re never slow to trumpet the philanthropic potential of your innovations; live up to that PR by setting a better example: privacy by design, privacy by default.