[JURIST] The Federal Trade Commission (FTC) [official website] announced Wednesday that it has reached a settlement [press release] with Google [corporate website, JURIST news archive] over charges that the Internet giant breached consumer privacy rights and was misleading during the launch of its social networking platform, Google Buzz [website]. The FTC complaint [text, PDF] alleges that when Google launched Buzz through its web-based email, Gmail, users were automatically enrolled without their consent and were unable to decline or leave the social network and that the Buzz privacy controls were confusing. The FTC also charged Google with asserting false claims to the Department of Commerce [official website] that it was adhering to the substantive privacy requirements of the US-EU Safe Harbor Framework [materials]. Under the proposed settlement [text, PDF], Google must obtain users’ consent before sharing their information with third parties or using it in any of its new products or services. Google must also establish a comprehensive privacy program and submit to regular, independent audits of its privacy and data protection practices for the next 20 years. Google is further prohibited from misrepresenting its privacy and confidentiality policies to consumers or its compliance with privacy and security programs. If Google fails to comply with the settlement, it may be subject to a $16,000 fine per violation [Reuters report]. FTC Chairman Jon Leibowitz [official profile] said:
When companies make privacy pledges, they need to honor them. This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations.
Google Director of Privacy, Product & Engineering Alma Whitten apologized [text] and expressed the company’s commitment to ensuring individual privacy. Google previously reached a settlement [text, PDF; JURIST report] in a class action lawsuit in response to a complaint [text, PDF] alleging that the Buzz application exposed private user data, including contact lists, to other Gmail users. Under the earlier settlement, Google will place $8.5 million dollars into a common fund to distribute to organizations that provide education regarding Internet privacy. Google stressed that the settlement did not mean that the company was admitting liability for the privacy breach and that the company has since resolved all privacy issues with the Buzz application.
Google has recently faced a number of allegations of violating privacy laws, both in the US and abroad. In November, the Federal Communications Commission (FCC) [official website] confirmed that it is investigating [JURIST report] Google to determine if it violated communications laws when its Street View [JURIST news archive] vehicles inadvertently collected private user data, including passwords and URLs, over WiFi networks. In October, the FTC ended an inquiry [JURIST report] into the company’s data collection through Street View cars after Google assured the FTC that it did not use any of the collected data and announced that it was committed to compliance with privacy laws [text], instituting new training on privacy principles and appointing a new director of privacy. In addition to investigations within the FCC and the FTC, Google has come under investigation for privacy breaches relating to its Street View program in the UK, France, Canada, Australia, South Korea and Spain [JURIST reports]. Most recently, a Berlin court ruled [judgment, in German; JURIST report] that Google Street View is legal in Germany. The ruling was narrowly focused on property rights and did not address larger data protection issues the company is currently confronting.