Buzz: FTC Charges Google With Deceptive Practices


In what's being hailed as its biggest privacy action in almost 10 years, the Federal Trade Commission said it had charged Google with engaging in deceptive practices stemming from the launch of Buzz.

The FTC also said that Google had agreed to create a comprehensive privacy program and submit to independent privacy audits for the next 20 years. Google also promised to obtain users' explicit opt-in consent before sharing their information more broadly than its privacy policy allowed at the time of collection.

While Google has been the subject of numerous complaints by privacy advocates, this case marks the first time the FTC has filed charges against the search giant. The FTC alleged that Google violated its own privacy policy and used deceptive tactics when it launched its social network Buzz.



When Google debuted Buzz, the service created social networks from people's Gmail contacts. But Google designed the feature so that it initially revealed information about the names of users' email contact if users activated Buzz without changing the defaults. That design meant that a host of confidential information could inadvertently become known, including the names of Gmail users' doctors, lawyers or coworkers.

Although Google revised Buzz shortly after its launch, the company was unable to stem widespread criticism by privacy advocates and consumers. The Electronic Privacy Information Center filed a complaint with the FTC alleging that Google violated users' expectations of privacy, as well as its own privacy policy, when it launched Buzz.

Seven Gmail users also filed their own lawsuits. Those cases were consolidated into one class-action, which Google recently agreed to pay $8.5 million to settle. The agreement in that matter calls for Google to pay $6 million to various privacy organizations, $2,500 to each of seven individual Web users who sued, and $2.5 million to the attorneys who brought the case.

EPIC executive director Marc Rotenberg says that Wednesday's enforcement action could have a far-reaching impact. "It's probably the most significant privacy decision from the FTC to date," he says. "It makes clear to other companies that the FTC is prepared to enforce privacy policies and that the FTC is prepared to establish privacy standards."

Rotenberg adds that while the FTC has actively pursued companies who don't do enough to secure users' passwords, actions relating to privacy are far more rare. He says that the FTC's biggest privacy case prior to Wednesday's action against Google occurred in 2002, when the FTC extracted concessions from Microsoft related to its Passport identification system that collected personal information from users.

The FTC will accept comments through May 2 about whether to approve the Google deal. But one commissioner, J. Thomas Rosch, is already expressing reservations about a provision calling for Google to obtain users' opt-in consent to sharing information in new ways. That requirement "applies not just to Google's social networking services or products, but to every single Google service or product that undergoes some 'change, addition, or enhancement.'" Rosch stated.

He added that the opt-in consent requirement appears contrary to Google's self-interest, because it could apply to any product or service Google offers, including those that involve "the tracking and sharing of identified Google users' browsing behavior."

Google's Alma Whitten, director of privacy, product and engineering, again apologized for the Buzz rollout. "We are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward," she said on Google's blog.

Next story loading loading..