Google has accepted a settlement with the U.S. Federal Trade Commission over various privacy issues, agreeing to be audited for its privacy practices for the next 20 years in a landmark case the agency says is the first time it has had to require any company to formally implement a comprehensive privacy program to protect users’ personal information, TalkingPointsMemo reports. The case was prompted over issues related to the now-defunct Google Buzz service.
The FTC initially charged Google with engaging in unfair and deceptive practices in 2010 by claiming users could easily opt-out of Buzz when in fact the tools that limited sharing of information were difficult to find, confusing and ultimately ineffective. Buzz, which was Google’s first attempt at a social networking service, was automatically attached to a GMail users’s account and made users’ contacts public by default.
Though the company made changes in response to thousands of complaints from users as well as the government, the FTC pursued the case because the company had violated its own privacy policies and had enrolled some GMail users in Google Buzz even after they had declined the service, or left former users’ information available even after they had successfully opted out. Google eventually settled a class-action lawsuit by promising reform and setting up an $8.5 million fund to educate users about privacy risks.
Under the terms of the settlement, Google will be audited every two years by an independent third-party monitoring service for adherence to its privacy policies and what it is doing with users’ personal information. The government may also require Google to make changes to its current privacy policies. Google must also now inform users and get their consent before sharing information with third parties.
Critics have long argued that Google primarily derives its revenue from advertising, and as such has an inescapable conflict of interest in that the information it gathers about users — which can be quite extensive — is of high value to its advertiser clients. The company has always said that it primarily uses information about its users to enhance products and services, but its policies vary across product lines, and are not considered comprehensive or able to provide clear separation between what information is kept private by Google and what information is shared.
The Google+ social network, which Google started after Buzz, has generally met with more praise regarding how it handles the sharing of information and allows users to control what is known about them on a finer level. Google’s senior manager Chris Gaither told the website that the company had completely revamped its approach to privacy, appointing a longtime Google engineer as director of privacy across all product management and engineering.
Google has had a history of problems balancing its need for information about its users with disclosure. Last May, the company attracted the attention of European regulators when it was revealed that it had inadvertently collected data from private Wi-Fi networks as part of its Street View collection efforts. It also had to backtrack on the way its Android mobile OS collects information — although Apple had a similar issue with inadvertent storage of location tracking info on iOS — and has been criticized for caving in to Chinese authorities over censorship issues, which has worked to suppress dissidents in the country.
The FTC voted to approve the settlement 4-0 following a period of public comment. The settlement was first proposed last March.
