In a blog post this afternoon, Google has announced that it will be making some changes to Buzz.

That’s good news.

In the future (“starting this week”), new users will be presented with clearer options. At some later time (“over the next couple weeks”), users whose privacy has already been compromised without their knowing might be prompted to take some corrective action. And users will (eventually) get a button with their Gmail settings that can actually disable Buzz. (( I just checked my Gmail account. It’s not there yet. )) Buzz will continue to be the default setting for Gmail — users will have to individually click to opt-out.

If your main concern is just how you can (eventually) disable Buzz, it sounds like the way to disable buzz I discussed yesterday is the same one that Google will be incorporating into its preference settings. (( My own Gmail account doesn’t yet have this preference pane. The screenshot Google published has small print warning that its “disable buzz” button will delete your profile and disconnect your followers. That sounds like the exact same three-step-process from yesterday rolled up into one button. ))

But something struck a wrong chord in Google’s announcement. It was a non-apology apology. Indeed, it never really even quite acknowledges that the privacy problems with Buzz (which I wrote about Thursday) were real. (It dismisses them as mere “concerns” about the service, as if they were misplaced).

The big picture: Whose data is this, anyway?

Over the past few days, I’ve found myself trying to understand how Google could have made this sort of blunder. It’s a company whose products I have championed in the past, and that many others in the technology world adore.

Here is my conclusion: Google developed Buzz as an internal corporate product, part of its internal culture. There was no opt-in process because the employees didn’t get a choice; there was no concept that a user might opt-out. And the auto-follow function was not intrusive, it was brilliant. Instead of trying to create “follower” groups based on rigid org charts, the dynamic seeding of Buzz could set up natural follower groups based on who your particular job really brought you into the closest contact with. It was anti-hierarchical, even subversive.

All that makes sense — in a corporate environment.

What bothers me (and apparently many of you) about Buzz is that it treated data that we think of as our data as if it were Google’s to remix and share with the world.

But, if you think about it, in a corporate environment, employee emails on a company server are usually thought of as the company’s data. A product developed for internal corporate use probably would treat emails differently and with less respect than a product meant for personal, private email.

The question for Google going forward is this: How does it see our data? Is the data it collects from users as part of its products like Gmail and Google Docs our data or its data? What permission does it believe is appropriate before it reuses and publishes parts of our data? What expectations of privacy can we have in the Google cloud? (And, after a breach of trust like this, what recourse can we have if they breach our privacy?)

That’s the fundamental issue. I feel like some of my personal data was misused by Google. They have not apologized. And — most importantly — they have not promised in some meaningful way not to do it again.

That covenant is more important than an apology. But they have to start with the apology.

What’s disturbing about Google’s announcement

I do appreciate that Google is moving quickly to try to blunt some of the damage. But this announcement does not reach the core of the problem. (Doing so might have to come from the top levels of the company, not a particular product team.)

For starters, Buzz will remain an opt-out service. It will remain the default for all Gmail users, unless they explicitly choose otherwise.

With regard to auto-following — the feature decried as possibly exposing international human rights activists, anonymous bloggers, and even personal information about ex-spouses — Google says:

This created a great deal of concern and led people to think that Buzz had automatically displayed the people they were following to the world before they created a profile.

Note the dismissiveness of “concern … led people to think.” Set that aside. The key is the last phrase — “before they created a profile.” What this post glosses over is the fact that Buzz did automatically display precisely this information for people who had already created a Google Profile at some time in the past. I was one of those people, as were many of my friends. Profiles were an innocuous feature. There was no reason to think they would suddenly, and without choice or warning, start to publish patterns of our emailing behavior.

As for the auto-following feature, Google says that it will now turn this into an “auto-suggest” feature at start-up that lets you approve before anyone is followed. That’s a huge improvement. I applaud it. But for those of you who’ve already dipped your toes in the water:

over the next couple weeks we’ll be showing you a similar version of this new start-up experience

So Google is apparently going to leave in place all the auto-connections it has already made and that may be displayed on profile pages now. I understand that it’s difficult to unwind this process, but Google is placing its priority here on saving face rather than protecting its users’ privacy by actually unwinding these connections at the source in the same algorithmic way it created them.

I began by saying that Google issued a non-apology apology. It signs off “We’re very sorry for the concern we’ve caused.” That’s sort of like saying “I’m sorry you feel that way.” It’s not an apology. And it’s certainly not what’s needed to reassure users that Google recognizes some difference between our data and its data.