Feeds

Google gets biennial privacy audit after Buzz blunder

Mountain View Chocolate Factory in settlement with FTC

Build a business case: developing custom apps

Google has agreed with the US Federal Trade Commission (FTC) to undergo regular privacy audits for the next 20 years, after bolting its ill-conceived Buzz social network on to Gmail in early 2010 without first seeking the consent of its users.

"When companies make privacy pledges, they need to honour them," said FTC chairman Jon Leibowitz.

"This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations."

Under the proposed settlement, as well as the audits every two years Mountain View is also required to implement a "comprehensive privacy program". Additionally, Google is barred from "future privacy misrepresentations".

The FTC complaint charged Google with violating its privacy policies by using information provided for its Gmail service in the company's Buzz social network.

"Today, we've reached an agreement with the FTC to address their concerns. We'll receive an independent review of our privacy procedures once every two years, and we'll ask users to give us affirmative consent before we change how we share their personal information," said Google privacy director Alma Whitten.

"We'd like to apologise again for the mistakes we made with Buzz. While today's announcement thankfully put this incident behind us, we are 100 per cent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward."

In February 2010 Buzz landed in the mailboxes of Google, and the service had not been tested outside the company. At the time we noted it was an unusual move for a company that once seemed to pride itself on deeply testing a product in beta via Google Labs.

By default, Buzz exposed users' most frequent Gmail contacts to the public internet. You did have the option of hiding the list from the public view, but many complained that the checkbox that let you do so was not prominently displayed. Within days, Google agreed to move the checkbox to a more prominent position, and it rejiggered the way it handles user contacts. But this didn't stop complaints from privacy advocates and a spate of lawsuits.

The backlash was immediate, with many complaining that an online email service should remain entirely separate from Google's social networking desires.

The Electronic Privacy Information Center (EPIC), which is a respected US public advocacy outfit, was quick to file a complaint with the FTC over Google Buzz.

In its complaint, EPIC said at the time that the service violated user expectations, diminished user privacy, and contradicted Google's privacy policy.

The group even questioned whether Buzz violated federal wiretap law. The US Electronic Communications Privacy Act prevents operators of "electronic communication" services from disclosing certain subscriber information without consent – including "addressing" information – and the privacy watchdog believed this "may" have applied to Buzz.

In its statement, the FTC made no mention of those allegations today, but it did allege "violations of the substantive privacy requirements of the US-EU Safe Harbor Framework."

The proposed settlement (PDF) now awaits acceptance by the Commission. Meanwhile, the public can wade in here.

The terms of the settlement will apply to Google worldwide, as Google's infrastructure operates worldwide. ®

Update: This story has been updated to better characterise the original release of Buzz and to point out that the settlement will apply worldwide.

The smart choice: opportunity from uncertainty

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.