Gartner Blog Network

Google Follows the Usual “Violate Privacy; If Caught, Apologize; Then Offer Opt Out” Path

by John Pescatore  |  February 15, 2010  |  9 Comments

I mentioned the predictable flap about Google violating users’ privacy expectations when they rolled out their Buzz social networking add-on.  Imagine the outrage if the speed dial buttons on your cellphone were pre-populated with “friends” based on the stores your may have called on the phone or asked the directory services operator about. Imagine if Microsoft Exchange or Lotus Notes mail did what Google turned on with Buzz! Businesses need to expect this kind of thing from advertising supported IT.

The New York Times reports that over the weekend, Google continued to follow the predictable path that many other advertising and Internet companies have followed in the past when they go too far in using user information to make money:

  1. Introduce a new feature or offering that takes advantage of user data in ways users are sure not to like – but call the release “beta”
  2. Wait for the outrage, if none keep going. If outrage, goto (3)
  3. Apologize profusely, explain that privacy violating features were to make it easier for users
  4. Offer an opt-out capability buried a few menus or web screens or tabs down.
  5. Wait for outrage or FTC investigation, if none keep going. If outrage, goto (6)
  6. Promise FTC never to do this again, agree to security audits, keep trying to keep to opt-out and avoid opt-in
  7. Wait for press to lose interest, users to stop noticing the latest violation of their privacy. Goto (1).


John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems… Read Full Bio

Thoughts on Google Follows the Usual “Violate Privacy; If Caught, Apologize; Then Offer Opt Out” Path

  1. Jared says:

    Fortunately all it took was a quick google search to learn how to disable google buzz :-)
    Finally it’s fun to know they’re watching…

  2. Social comments and analytics for this post…

    This post was mentioned on Twitter by mitchbetts: With Buzz, Google follows the usual “violate privacy; if caught, apologize; then allow opt-out” path.

  3. It is a shame, given Google’s strong stance on privacy vis-a-vis the info-sec attacks originating from somewhere in China of just a few weeks ago that they forgot the cardinal rule of social media: Assume anything your members do is private until they tell you otherwise. Simply looking at how much faster Facebook grew following this policy (attracting people older than HS- and college-age) vs. MySpace (which did not) reinforces this.

    This time Google may have over-stepped themselves. In the past few days, I have helped half a dozen non-technical people (who used to love Google for its usefulness) shut down their accounts and route their email elsewhere. They simple no longer trust Google.

    The big winner here is Microsoft. If I were Steve Balmer, I would “double-down,” increasing my investments in Bing and Facebook (and look again at buying Twitter).

  4. I’m constantly warning Gartner clients that they need to remember that the *advertisers* are the actual customers of free mail and social network sites, not the users. The users are just there to provide data to target the ads for the advertisers.

  5. Robin Wilton says:

    I’m with John P on that one; Jim, with respect, I don’t think what you’ve expressed is the cardinal rule of “social media”. In my view, the game operates more like this:

    Rule One: Maintain the illusion that the user is interacting only with their chosen parties; as long as you don’t spook them, users will be happy to connive at this pretence.

    Rule Two: Under no circumstances force the user to acknowledge that there’s a third party in the room… whether that’s you, as the “social network” provider, or the others with whom you exchange data about the users.

    Rule Three: Keep calling it “social networking”, to reinforce the impression that it operates by the same rules as face-to-face interaction between friends. (It doesn’t, but see Rule One).

  6. Mark Drapeau says:

    Very different than the Microsoft philosophy on these issues! Check out the new (and responsible) Outlook Social Connector features:

  7. Erin White says:

    What, no option to “share this post on Buzz”?


  8. Steve Simmons says:

    How ironic that you post this just before I was spammed by Garner and Damballa about a webcast on botnets. Pot, kettle, etc.

  9. Not sure of the connection between email solicitation spam and giving away customers private information but if you think Gartner has caused you an issue, please send email to

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.