Feeds

Google gets biennial privacy audit after Buzz blunder

Mountain View Chocolate Factory in settlement with FTC

Security for virtualized datacentres

Google has agreed with the US Federal Trade Commission (FTC) to undergo regular privacy audits for the next 20 years, after bolting its ill-conceived Buzz social network on to Gmail in early 2010 without first seeking the consent of its users.

"When companies make privacy pledges, they need to honour them," said FTC chairman Jon Leibowitz.

"This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations."

Under the proposed settlement, as well as the audits every two years Mountain View is also required to implement a "comprehensive privacy program". Additionally, Google is barred from "future privacy misrepresentations".

The FTC complaint charged Google with violating its privacy policies by using information provided for its Gmail service in the company's Buzz social network.

"Today, we've reached an agreement with the FTC to address their concerns. We'll receive an independent review of our privacy procedures once every two years, and we'll ask users to give us affirmative consent before we change how we share their personal information," said Google privacy director Alma Whitten.

"We'd like to apologise again for the mistakes we made with Buzz. While today's announcement thankfully put this incident behind us, we are 100 per cent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward."

In February 2010 Buzz landed in the mailboxes of Google, and the service had not been tested outside the company. At the time we noted it was an unusual move for a company that once seemed to pride itself on deeply testing a product in beta via Google Labs.

By default, Buzz exposed users' most frequent Gmail contacts to the public internet. You did have the option of hiding the list from the public view, but many complained that the checkbox that let you do so was not prominently displayed. Within days, Google agreed to move the checkbox to a more prominent position, and it rejiggered the way it handles user contacts. But this didn't stop complaints from privacy advocates and a spate of lawsuits.

The backlash was immediate, with many complaining that an online email service should remain entirely separate from Google's social networking desires.

The Electronic Privacy Information Center (EPIC), which is a respected US public advocacy outfit, was quick to file a complaint with the FTC over Google Buzz.

In its complaint, EPIC said at the time that the service violated user expectations, diminished user privacy, and contradicted Google's privacy policy.

The group even questioned whether Buzz violated federal wiretap law. The US Electronic Communications Privacy Act prevents operators of "electronic communication" services from disclosing certain subscriber information without consent – including "addressing" information – and the privacy watchdog believed this "may" have applied to Buzz.

In its statement, the FTC made no mention of those allegations today, but it did allege "violations of the substantive privacy requirements of the US-EU Safe Harbor Framework."

The proposed settlement (PDF) now awaits acceptance by the Commission. Meanwhile, the public can wade in here.

The terms of the settlement will apply to Google worldwide, as Google's infrastructure operates worldwide. ®

Update: This story has been updated to better characterise the original release of Buzz and to point out that the settlement will apply worldwide.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Special pleading against mass surveillance won't help anyone
Protecting journalists alone won't protect their sources
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Apple's iPhone 6 first-day sales are MEANINGLESS, mutters analyst
Big weekend queues only represent fruity firm's supply
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Bill Gates, drugs and the internet: Top 10 Larry Ellison quotes
'I certainly never expected to become rich ... this is surreal'
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
EMC, HP blockbuster 'merger' shocker comes a cropper
Stand down, FTC... you can put your feet up for a bit
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.