Google Inc. today settled Federal Trade Commission charges that it used deceptive tactics and violated its own privacy promises to consumers, and agreed to implement an unprecedented privacy program.
The agency alleged that Google violated the FTC Act when it launched its social network, Google Buzz, in 2010 via its Gmail Web-based e-mail service.
According to the FTC, Google led Gmail users to believe that they could choose whether they wanted to join the network, but the options for declining or leaving the social network were ineffective.
On the day Buzz was launched, Gmail users got a message announcing the new service and were given two options: “Sweet! Check out Buzz,” and “Nah, go to my inbox.”
However, the FTC complaint alleged that some Gmail users who clicked on “Nah...” were nonetheless enrolled in certain features of the Google Buzz social network. For those Gmail users who clicked on “Sweet!,” the FTC alleges that they were not adequately informed that the identity of people they e-mailed most frequently would be made public by default. Google also offered a “Turn Off Buzz” option that did not fully remove the user from the social network.
“When companies make privacy pledges, they need to honor them,” said Jon Leibowitz, chairman of the FTC, in a written statement. “This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations."
The proposed settlement bars Google from misrepresenting the privacy or confidentiality of individuals’ information. It requires the company to obtain users’ consent before sharing their information with third parties if Google later changes its products or services in a way that results in information sharing that is contrary to any privacy promises made when the information was collected.
Google must also establish and maintain a comprehensive privacy program. For the next 20 years, the company must have audits conducted by independent third parties every two years to assess its privacy and data protection practices.
According to the FTC, the new privacy program is the first of its kind ever to be required in an agency settlement.
Commissioner J. Thomas Rosch concurred, but issued a separate statement. “I do not mean to defend Google. Google can – and should – speak for itself,” he wrote. The Republican commissioner’s concerns center on Part II of the settlement, which prohibits Google, without prior “express affirmative consent” from engaging in any “new or additional sharing” of previously collected personal information “with any third party” that results from “any change, addition, or enhancement” to any Google product or service.
“As a practical matter, this means that Google is at risk that Part II will apply across the board to every existing product or service that Google offers, including any product or service that involves the tracking and sharing of identified Google users’ browsing behavior,” he wrote.
“Part II seems to be contrary to Google’s self-interest. I therefore ask myself if Google willingly agreed to it, and if so, why it did so. Surely it did not do so simply to save itself litigation expense. But did it do so because it was being challenged by other government agencies and it wanted to ‘get the Commission off its back’? Or did it do so in hopes that Part II would be used as leverage in future government challenges to the practices of its competitors?”
Google was represented by Perkins Coie partner Albert Gidari and its general counsel, Kent Walker.
FTC lawyers include Kathryn Ratte and Katherine Race Brin.
Please be a consumer advocate and help the Electronic Privacy Information Center (epic.org) submit a million comments on Google Privacy this month:
http://epic.org/fixgoogleprivacy/default.php
Posted by: EC Rosenberg | April 06, 2011 at 12:54 PM