The Federal Trade Commission said Wednesday that Google agreed to settle a complaint that it violated its own privacy promises to consumers when it rolled out its Buzz social networking application.
The settlement requires Google to adopt a comprehensive privacy program and to submit to an independent privacy audit every two years for the next two decades. This is the first time the FTC has required a company to implement such a program.
The FTC’s action follows a recent spate of Internet privacy investigations that include Twitter and Facebook, and it underscores growing interest by federal regulators to protect consumers online.
In the Google case, the FTC said in a release that the Internet giant “used deceptive tactics” when it launched Buzz through the accounts of its Gmail users.
The company did not inform its estimated 200 million Gmail users that it would launch a social networking application using information in its e-mail accounts. Some users complained that contact lists and other data were publicly exposed and that they had a hard time opting out of the social application.
Buzz, launched in February 2010, allows users to post updates and share pictures and videos much in the same way Facebook operates.
Google, in its terms of service, had promised that information by Gmail users would be used only for the e-mail application. If the company wanted to use those data for other services, it promised it would inform users and ask permission.
“When companies make privacy pledges, they need to honor them,” said Jon Leibowitz, chairman of the FTC. “This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections.”
Google announced in October that it would beef up privacy training for all employees and created a position to oversee privacy efforts.
That move prompted the FTC in October to drop a separate investigation of the privacy flap over data collected by Google cars that take pictures for Street View maps. Those cars also collected information from WiFi networks around the world. The Federal Communications Commission is conducting a separate investigation into Google’s scarfing of WiFi data, as are several privacy regulators in other countries. Google has apologized for the Street View incident.
On its official blog, Google apologized again for catching users off guard with Buzz.
“The launch of Google Buzz fell short of our usual standards for transparency and user control — letting our users and Google down,” Alma Whitten, the company’s privacy director, wrote in the blog. “While we worked quickly to make improvements, regulators — including the U.S. Federal Trade Commission — unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again.”
Privacy advocates said the investigation was a signal to Silicon Valley that the federal government has become aggressive in enforcing consumer protections online.
The White House said this month that it supports legislation for online privacy that would protect information that can pinpoint users. Lawmakers including Sen. John F. Kerry (D-Mass.) have called for a law that makes the FTC the top cop of online privacy legislation and limits targeted advertising.
The FTC wants to give Internet users more control over how their information is used by creating a Do Not Track industry standard. That mechanism would probably come in the form of a browser-based technology that allows users to block firms from tracking their activity on the Web. Microsoft and Mozilla have recently announced technologies on their browsers for users to block tracking.
Sen. John D. Rockefeller IV (D-W.Va.) said he commended the FTC for its aggressive enforcement of consumer protection laws.
“This should be a wake-up call for online businesses — both large and small — of the need to be clear and honest about how the personal information of consumers is collected and used,” he said in a statement.
But Jeffrey Chester, executive director of the Center for Digital Democracy, said the FTC’s investigations into online privacy have prompted Web firms and advertisers to push for the Commerce Department to oversee privacy protections.
“They would prefer to work with a pro-industry federal department than an independent consumer-oriented watchdog,” Chester said.
Republican and Democratic lawmakers are in general agreement that more protections are needed for Internet privacy. But some free-market advocates oppose the idea of a new law, saying the FTC does a good job of enforcing consumer protection on a case-by-case basis.
In June, the FTC reached a settlement with Twitter after hackers broke into user accounts and exposed privacy weaknesses on the microblogging platform. This month, online advertiser Chitika also settled with the FTC for allegedly tracking online activities of users who had opted out of the company’s service.