Feeds

Google gets biennial privacy audit after Buzz blunder

Mountain View Chocolate Factory in settlement with FTC

Securing Web Applications Made Simple and Scalable

Google has agreed with the US Federal Trade Commission (FTC) to undergo regular privacy audits for the next 20 years, after bolting its ill-conceived Buzz social network on to Gmail in early 2010 without first seeking the consent of its users.

"When companies make privacy pledges, they need to honour them," said FTC chairman Jon Leibowitz.

"This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations."

Under the proposed settlement, as well as the audits every two years Mountain View is also required to implement a "comprehensive privacy program". Additionally, Google is barred from "future privacy misrepresentations".

The FTC complaint charged Google with violating its privacy policies by using information provided for its Gmail service in the company's Buzz social network.

"Today, we've reached an agreement with the FTC to address their concerns. We'll receive an independent review of our privacy procedures once every two years, and we'll ask users to give us affirmative consent before we change how we share their personal information," said Google privacy director Alma Whitten.

"We'd like to apologise again for the mistakes we made with Buzz. While today's announcement thankfully put this incident behind us, we are 100 per cent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward."

In February 2010 Buzz landed in the mailboxes of Google, and the service had not been tested outside the company. At the time we noted it was an unusual move for a company that once seemed to pride itself on deeply testing a product in beta via Google Labs.

By default, Buzz exposed users' most frequent Gmail contacts to the public internet. You did have the option of hiding the list from the public view, but many complained that the checkbox that let you do so was not prominently displayed. Within days, Google agreed to move the checkbox to a more prominent position, and it rejiggered the way it handles user contacts. But this didn't stop complaints from privacy advocates and a spate of lawsuits.

The backlash was immediate, with many complaining that an online email service should remain entirely separate from Google's social networking desires.

The Electronic Privacy Information Center (EPIC), which is a respected US public advocacy outfit, was quick to file a complaint with the FTC over Google Buzz.

In its complaint, EPIC said at the time that the service violated user expectations, diminished user privacy, and contradicted Google's privacy policy.

The group even questioned whether Buzz violated federal wiretap law. The US Electronic Communications Privacy Act prevents operators of "electronic communication" services from disclosing certain subscriber information without consent – including "addressing" information – and the privacy watchdog believed this "may" have applied to Buzz.

In its statement, the FTC made no mention of those allegations today, but it did allege "violations of the substantive privacy requirements of the US-EU Safe Harbor Framework."

The proposed settlement (PDF) now awaits acceptance by the Commission. Meanwhile, the public can wade in here.

The terms of the settlement will apply to Google worldwide, as Google's infrastructure operates worldwide. ®

Update: This story has been updated to better characterise the original release of Buzz and to point out that the settlement will apply worldwide.

Application security programs and practises

More from The Register

next story
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.