Google has been given a slapped wrist by the Federal Trade Commission (FTC) and will receive an independent review of its privacy procedures once every two years following the Buzz controversy.
When Google's social network was launched over a year ago, it was met with heavy user criticism over the privacy settings of connections and how users were automatically enrolled into the network without their permission.
The FTC said that on the day Buzz was launched, Gmail users got a message announcing the new service and were given two options: ‘Sweet! Check out Buzz' or ‘Nah, go to my inbox'. The FTC complaint alleged that some Gmail users who clicked on ‘Nah...' were nonetheless enrolled in certain features of the Google Buzz social network. Those Gmail users who clicked on ‘Sweet', the FTC alleged, were not adequately informed that the identity of individuals they emailed most frequently would be made public by default.
Google was also accused of mistreating personal information from the European Union in accordance with the US-EU Safe Harbor privacy framework, as the company failed to give consumers notice and choice before using their information for a purpose different from that for which it was collected.
Jon Leibowitz, chairman of the FTC, said: “When companies make privacy pledges, they need to honour them. This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations.”
Google has agreed to settle Federal Trade Commission charges that it used deceptive tactics and violated its own privacy promises to consumers when it launched Buzz. The proposed settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program and calls for regular, independent privacy audits for the next 20 years.
The settlement also requires Google to obtain users' consent before sharing their information with third parties and if it changes its products or services in a way that results in information being shared that is contrary to any privacy promises made when the user's information was collected. The FTC said that this was the first time one of its settlement orders had required a company to implement a comprehensive privacy program to protect the privacy of consumers' information.
Alma Whitten, director of privacy, product and engineering at Google, admitted that it does not get everything right and that the launch of Buzz fell short of its usual standards for transparency and user control, thereby ‘letting our users and Google down'.
“While we worked quickly to make improvements, regulators unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again. Today, we've reached an agreement with the FTC to address their concerns,” said Whitten.
“We will receive an independent review of our privacy procedures once every two years and we'll ask users to give us affirmative consent before we change how we share their personal information. We would like to apologise again for the mistakes we made with Buzz. While today's announcement thankfully put this incident behind us, we are 100 per cent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward.”