Google Settles With FTC Over Privacy Violations on Buzz

google finedGoogle Inc. has settled Federal Trade Commission allegations of deceptive privacy practices by its Buzz social network, including actions that violated its own privacy policy.

The proposed settlement requires Google to create a comprehensive privacy program, to be independently audited for the next 20 years. Any further privacy misrepresentations by Google will be subject to a $16,000 fine, the agency said.

The Google settlement marks the first time the FTC has ordered a company to implement a program to protect the privacy of consumers' information, which is noteworthy considering Google's position as the most trafficked site in the world.The Google case is also the first time the FTC has accused a company of violating the privacy requirements of an agreement that allows U.S. companies to legally transfer personal data of European Union citizens to the United States.

"When companies make privacy pledges, they need to honor them," Jon Leibowitz, Chairman of the FTC, said in a statement. "This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations."

Google launched its Buzz social network through its web-based Gmail service in February 2010, and the Electronic Privacy Information Center filed a complaint with the FTC soon afterward.

According to the FTC complaint, Google led Gmail users to believe they could decide whether to join the network, but offered ineffective means to opt-out. Those who did join found the controls for limiting the sharing of their personal information confusing and hard to find.

When Buzz was launched, Gmail users received a message announcing the service and were given two options: "Sweet! Check out Buzz," and "Nah, go to my inbox." But some Gmail users who clicked on "Nah" were enrolled in certain features of the Google Buzz social network anyway, the FTC alleged. Those who clicked on "Sweet!" weren't clearly informed that the identity of all the people they emailed most frequently would be made public by default.

Although Google offered a "Turn Off Buzz" option, it failed to remove users from the social network. As a result, Google was bombarded with thousands of complaints from consumers angry about the publicizing of their contacts, which included ex-spouses, patients, students, employers and competitors.

Further, when Buzz launched, Google's privacy policy said, "When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use."

Alma Whitten, Google's Director of Privacy, Product & Engineering, addressed the FTC order and apologized to Google users on the company's blog.
The launch of Google Buzz fell short of our usual standards for transparency and user control-letting our users and Google down. While we worked quickly to make improvements, regulators-including the U.S. Federal Trade Commission-unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again. Today, we've reached an agreement with the FTC to address their concerns. We'll receive an independent review of our privacy procedures once every two years, and we'll ask users to give us affirmative consent before we change how we share their personal information. We'd like to apologize again for the mistakes we made with Buzz.
The FTC accused Google of violating its own privacy policy by using personal information gathered via Gmail for social networking without user consent. The complaint also said Google deceived consumers with the options "Nah, go to my inbox" and "Turn Off Buzz" by making them believe they could opt-out of Buzz, while they were in fact enrolled in certain aspects.

For those who willfully enrolled in Buzz, a screen that asked them "How do you want to appear to others?" gave consumers the false impression they could control what personal information would be made public. In reality, their frequent email contacts were made public, which the FTC said Google failed to clearly disclose.

The FTC also charged Google with lying about its treatment of personal information from the European Union under the U.S.-EU Safe Harbor privacy framework. Google's claims about compliance with the agreement were false, the FTC said, since it failed to give E.U. residents notice and choice before using their information for purposes other than what it was collected for.

The proposed settlement forbids Google from misrepresenting the privacy or confidentiality of consumer information or compliance with the U.S.-E.U Safe Harbor or other privacy, security, or compliance programs. Google must also obtain the consent of users before sharing their information with third parties if it alters its products or services in a manner that invalidates any privacy promises made when a consumer's information was first collected.
Read Full Story
  • DJI27954.26267.350.97%
  • NIKKEI 22522843.9693.720.41%
    Hang Seng25244.02353.341.42%
  • USD (PER EUR)1.180.00510.44%
    USD (PER CHF)1.100.00600.55%
    JPY (PER USD)106.850.34300.32%
    GBP (PER USD)1.30-0.0024-0.18%

From Our Partners