The Federal Trade Commission has reached a settlement with Google, which the FTC says violated the promises it made about consumers’ privacy when it launched the social network Google Buzz in 2010.
The settlement represents the first time the FTC has ordered a company to implement a comprehensive privacy program to protect consumers' information, and the first time it has brought an action based on the U.S.-E.U. Safe Harbor Privacy Framework.
When Google launched Buzz in 2010, inside its email service Gmail, it provided inadequate options for declining or leaving the social network, the FTC found. Additionally, the FTC charged that the controls for limiting or sharing personal information were confusing and difficult to find. Google received thousands of complaints from consumers that all of sudden found out they were participating in the network, and that their identity and their most recent email contacts were made public without their consent, the FTC said. The commission also maintains that Google misrepresented how it was treating personal information from the European Union.
"When companies make privacy pledges, they need to honor them," said Jon Leibowitz, chairman of the FTC. "This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations."
The settlement did not include any monetary penalty, but it will impose "substantial costs" on the company, said Jessica Rich, deputy director of the FTC’s bureau of consumer protection, during a Wednesday press conference. As part of the deal, Google will be required to implement a comprehensive privacy program and hire an outside auditor every two years for the next 20 years in order to verify that policy is followed. Google must also obtain users' consent via an opt-in feature before sharing any information with a third party.
And although the inquiry was focused on Google Buzz, the settlement applies to all of
Google's products and services.
On its blog, Google admitted it had screwed up the launch of Google Buzz and apologized.
"It fell short of our usual standards for transparency and user control, letting our users and Google down. While we worked quickly to make improvements, regulators, including the U.S. Federal Trade Commission, unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening gain," wrote Alma Whitten, Google’s director of privacy, product and engineering.
Online privacy is a hot issue in Washington, as both regulators and legislators seek to protect consumers' personal information. In December, the FTC issued a policy paper suggesting that one solution might be a universal Do Not Track mechanism. Several bills are floating around in Congress, but the one most are waiting for is the draft of a bill from Sen. John Kerry, D-Mass., who is working on finalizing the legislation with Sen. John McCain, R-Ariz.
"We think the provisions [in the settlement] are good practices that could apply to the entire industry," the FTC's Rich said.