Google to toughen privacy policy, undergo regular audits, in FTC settlement


This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

Google Inc., has agreed to implement a comprehensive privacy policy and undergo 20 years of independent audits as part of a settlement with the Federal Trade Commission in connection with charges that it used deceptive tactics and violated promises to customers when launching its Buzz social network last year.

The terms of the settlement, announced Wednesday, were among the toughest ever handed out by federal regulators in a privacy case. It was the first time the FTC has required a company to put in place a sweeping privacy policy to protect consumer data, the agency said.


‘When companies make privacy pledges, they need to honor them,’ said FTC Chairman Jon Leibowitz. ‘This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations.’

Google will be required to give users ‘a clear and prominent notice and to obtain express affirmative consent prior to sharing the Google user’s information with any third party in connection with a change, addition or enhancement to any product or service,’ according to the settlement. Google also will have to undergo a third-party review every two years for the next 20 years that certifies its privacy policy adheres to standards set in the settlement.

Google admitted Wednesday in a blog post that ‘we don’t always get everything right,’ and apologized again ‘for the mistakes we made with Buzz.’

‘The launch of Google Buzz fell short of our usual standards for transparency and user control -- letting our users and Google down,’ Alma Whitten, the company’s director of privacy, product and engineering, wrote in the post. ‘While we worked quickly to make improvements, regulators -- including the U.S. Federal Trade Commission -- unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again. Today, we’ve reached an agreement with the FTC to address their concerns.’

Google launched the Buzz social network in early 2010 inside millions of accounts in its Gmail email service in hopes of developing a competitor to Facebook. But it quickly sparked an uproar as Gmail users worried that their contacts and other information would be exposed.

The FTC found that the options for opting out of Buzz were ‘ineffective’ and that Google had ‘misrepresented’ to consumers that they could opt out of the service. Gmail users who chose the ‘Nah, go to my inbox’ option when they got a message about the new service ‘were nonetheless enrolled in certain features,’ the FTC said.


Google changed the service in response to thousands of customer complaints and apologized for the problems, but that didn’t satisfy privacy advocates, who said the damage was already done. The Electronic Privacy Information Center filed a formal complaint with the FTC. The group called Wednesday’s settlement ‘the most significant privacy decision by the commission to date.’

‘The FTC has sent a powerful message to Google and the online data collection giants: We are watching you as you watch consumers,’ said Jeff Chester, executive director of the Center for Digital Democracy, another privacy advocacy group. ‘The commission’s requirement that an independent outside privacy auditor is needed for Google for the next 20 years demonstrates what consumer advocates have been saying -- that Google and other online marketing companies are not being candid about their digital ad practices.’


Google fined 100,000 euros by France for Street View’s private data collection

Facebook might prevent applications from asking minors for contact info

Google reaches deal with Connecticut in Wi-Fi probe


-- Jim Puzzanghera