Share

Top 5 Stories

News

Google runs into FTC Buzz-saw

31 March 2011

The Federal Trade Commission (FTC) is requiring Google to implement a comprehensive privacy program to protect consumers as the result of alleged abuses related to the launch of its Buzz social network.

The FTC charged Google with deceptive privacy practices and violating its own privacy policy regarding the rollout of Google’s Buzz social network in 2010.

Google agreed to a proposed settlement with the FTC under which the agency barred Google from future privacy misrepresentations, required the company to implement a comprehensive privacy program, and called for regular independent privacy audits for the next 20 years.

The FTC said that this was the first time the agency had required a company to take such actions as part of a settlement order.

According to the FTC complaint, Google led Gmail users to believe that they could opt-out of joining the Buzz social network, but the options for declining or leaving the network were “ineffective.”

In addition, for Gmail users who joined the Buzz network, the controls for limiting the sharing of personal information were confusing and difficult to find, according to the complaint.

At the time of the Buzz launch, Google’s privacy policy stated, “When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.” The FTC charged that Google violated this policy by using information provided by Gmail users for the Buzz network without obtaining their permission in advance.

The FTC complaint also alleged that a screen that asked consumers enrolling in Buzz, “How do you want to appear to others?” indicated that consumers could exercise control over what personal information would be made public. The FTC charged that Google failed to disclose adequately that consumers’ frequent email contacts would become public by default.

In addition, the FTC alleged that Google misrepresented that it was treating personal information from the European Union in accordance with the U.S.-EU Safe Harbor privacy framework. The complaint said that Google’s assertion that it adhered to the Safe Harbor principles was false because the company failed to give consumers notice and choice before using their information for a purpose different from that for which it was collected.

On Google’s official blog, Alma Whitten, Google’s director of privacy, product and engineering, admitted that the launch of Buzz “fell short of our usual standards for transparency and user control.” Whitten said that Google worked with the FTC to provide more detail about “what went wrong” with the Buzz launch and how this type of thing could be prevented in the future.

“We’d like to apologize again for the mistakes we made with Buzz. While today’s announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward”, Whitten concluded.

This article is featured in:
Compliance and Policy  •  Data Loss  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×