Feeds

Google gets biennial privacy audit after Buzz blunder

Mountain View Chocolate Factory in settlement with FTC

Next gen security for virtualised datacentres

Google has agreed with the US Federal Trade Commission (FTC) to undergo regular privacy audits for the next 20 years, after bolting its ill-conceived Buzz social network on to Gmail in early 2010 without first seeking the consent of its users.

"When companies make privacy pledges, they need to honour them," said FTC chairman Jon Leibowitz.

"This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations."

Under the proposed settlement, as well as the audits every two years Mountain View is also required to implement a "comprehensive privacy program". Additionally, Google is barred from "future privacy misrepresentations".

The FTC complaint charged Google with violating its privacy policies by using information provided for its Gmail service in the company's Buzz social network.

"Today, we've reached an agreement with the FTC to address their concerns. We'll receive an independent review of our privacy procedures once every two years, and we'll ask users to give us affirmative consent before we change how we share their personal information," said Google privacy director Alma Whitten.

"We'd like to apologise again for the mistakes we made with Buzz. While today's announcement thankfully put this incident behind us, we are 100 per cent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward."

In February 2010 Buzz landed in the mailboxes of Google, and the service had not been tested outside the company. At the time we noted it was an unusual move for a company that once seemed to pride itself on deeply testing a product in beta via Google Labs.

By default, Buzz exposed users' most frequent Gmail contacts to the public internet. You did have the option of hiding the list from the public view, but many complained that the checkbox that let you do so was not prominently displayed. Within days, Google agreed to move the checkbox to a more prominent position, and it rejiggered the way it handles user contacts. But this didn't stop complaints from privacy advocates and a spate of lawsuits.

The backlash was immediate, with many complaining that an online email service should remain entirely separate from Google's social networking desires.

The Electronic Privacy Information Center (EPIC), which is a respected US public advocacy outfit, was quick to file a complaint with the FTC over Google Buzz.

In its complaint, EPIC said at the time that the service violated user expectations, diminished user privacy, and contradicted Google's privacy policy.

The group even questioned whether Buzz violated federal wiretap law. The US Electronic Communications Privacy Act prevents operators of "electronic communication" services from disclosing certain subscriber information without consent – including "addressing" information – and the privacy watchdog believed this "may" have applied to Buzz.

In its statement, the FTC made no mention of those allegations today, but it did allege "violations of the substantive privacy requirements of the US-EU Safe Harbor Framework."

The proposed settlement (PDF) now awaits acceptance by the Commission. Meanwhile, the public can wade in here.

The terms of the settlement will apply to Google worldwide, as Google's infrastructure operates worldwide. ®

Update: This story has been updated to better characterise the original release of Buzz and to point out that the settlement will apply worldwide.

The essential guide to IT transformation

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?