We are writing to you as data protection authorities to raise questions from a privacy perspective about the development of Google Glass, a type of wearable computing in the form of glassesi, which is currently in beta testing and not yet available to the general public.
As you may recall, data protection authorities have long emphasized the need for organizations to build privacy into the development of products and services before they are launched. Many of us have also encouraged organizations to consult in a meaningful way with our respective offices.
To date, what information we have about Google Glass, how it operates, how it could be used, and how Google might make use of the data collected via Glass largely comes from media reports, which contain a great deal of speculation, as well as Google’s own publicizing of the device.
For example, our understanding is that during the beta testing of the product, Google has put in place extensive guidelines for software developers to follow in building applications for Glassii. These limits appear to be largely related to advertising within Glass. If this is indeed the case, we think this is a positive first step in identifying privacy issues, but it is only a first step and the only one we are aware of.
We understand that other companies are developing similar products, but you are a leader in this area, the first to test your product “in the wild” so to speak, and the first to confront the ethical issues that such a product entails. To date, however, most of the data protection authorities listed below have not been approached by your company to discuss any of these issues in detail.
For our part, we would strongly urge Google to engage in a real dialogue with data protection authorities about Glass.
The questions we would like to raise include:
How does Google Glass comply with data protection laws?
What are the privacy safeguards Google and application developers are putting in place?
What information does Google collect via Glass and what information is shared with third parties, including application developers?
How does Google intend to use this information?
While we understand that Google has decided not to include facial recognition in Glass, how does Google intend to address the specific issues around facial recognition in the future?
Is Google doing anything about the broader social and ethical issues raised by such a product, for example, the surreptitious collection of information about other individuals?
Has Google undertaken any privacy risk assessment the outcomes of which it would be willing to share?
Would Google be willing to demonstrate the device to our offices and allow any interested data protection authorities to test it?
We are aware that these questions relate to issues that fall squarely within our purview as data protection commissioners, as well as to other broader, ethical issues that arise from wearable computing. Nevertheless, we feel it is important for us to raise all of these concerns. We would be very interested in hearing about the privacy implications of this new product and the steps you are taking to ensure that, as you move forward with Google Glass, individuals’ privacy rights are respected around the world. We look forward to responses to these questions and to a meeting to discuss the privacy issues raised by Google Glass.
President, Commission d’accès à l’information du Québec
… / 4
Original signed by
Information and Privacy Commissioner of British Columbia
i Google Glass includes an embedded camera, microphone and GPS, with access to the Internet. The Android Operating System powers Google Glass, and third-party applications are currently being built for Glass. To access Glass, a user needs a Google account.