International data protection authorities call for 'Privacy by Design' - Jacob Kohnstamm to sign on behalf of European data protection authorities as well 

Press release, 20 April, 2010

International data protection authorities from ten different countries, in a unique collaborative effort, call on online companies such as Google to provide – from now on – all products and services with guarantees to properly protect and secure personal data, as early as in the design phase. In a joint letter, they demand a number of specific measures such as providing clearly visible and easy to use privacy settings. "International data protection authorities make a firm stand for the protection of personal data, also as regards innovative products and services", according to Jacob Kohnstamm who signed the letter in his capacity of chairman of the Dutch Data Protection Authority (Dutch DPA) [College bescherming persoonsgegevens (CBP)] and the Article 29 Working Party (WP 29) of European data protection authorities. "Companies have to deploy their 'experts' to develop services and products in such a way that do not violate, or to a much lesser extent, the privacy of individuals,"  said Kohnstamm, again emphasising the importance of 'privacy by design'.

Read the joint letter (134 KB)

International data protection authorities challenged Google, in a joint letter dated 19 April 2010, with regard to violation of privacy rules and fundamental privacy principles at the launch of the social network service Google Buzz.

At the introduction of Google Buzz in February 2010, it became clear the emailservice Gmail was converted into a social network site. With that, Google had automatically and without prior consent generated a network of 'followers' on the basis of the main email and chat contacts without properly informing users of what was being done with their data. The international data protection authorities have established that Google consequently violated the fundamental principle that people should be able to control the use of their personal information.

The data protection authorities acknowledge in their letter that Google took quick action by fixing the major violations of privacy after many users had complained. On 5 April 2010, Google moreover asked users to reconfirm their privacy settings. Google’s efforts, which were applauded in the letter, do not, according to the data protection authorities, lessen their major concerns about the manner in which Google sent the social network service Google Buzz into the world without any privacy guarantees.

Global action
The letter is signed by an ad hoc coalition of data protection authorities from Canada, Germany, France, Ireland, Israel, Italy, New Zealand, Spain, the United Kingdom and the Netherlands. Jacob Kohnstamm, chairman of the Dutch Data Protection Authority and also chairman of the WP 29, the consultative body of the European data protection authorities, is one of the co-signatories. Last year, the WP 29 adopted an Opinion in which the rules for social network sites are applied and explained. According to Kohnstamm, it is of great importance that the data protection authorities act jointly against violations of privacy. The main threats to the privacy of citizens are global in nature, and can only be dealt with effectively in a joint effort.

Privacy by design
The concept of 'Privacy by Design' means that privacy-sensitive elements are already taken into account as early as the design phase and that sufficient privacy guarantees are implemented to properly protect and secure personal data. At the presentation of the Dutch DPA's 2009 annual report, chairman Kohnstamm also called on the world of Dutch politics to promote the use of technical developments to make the chance of a violation of privacy as small as possible.