The Federal Trade Commission and Google Inc. have reached a settlement regarding an investigation of Buzz, Google’s social networking utility. The settlement charges Google with deceptive tactics, saying that Google violated its own privacy promise to consumers in launching of Buzz.
The terms of the settlement “bar Google from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years.”
The FTC started the probe soon after Buzz’s launch in 2010 when consumers complained that Buzz revealed private information without forewarning or getting users’ consent.
Google launched Buzz through Gmail, pushing an option to subscribers’ inboxes that said, ““Sweet! Check out Buzz,” and “Nah, go to my inbox.” According to the complaint, users who opted to use Buzz “were not adequately informed that the identity of individuals they emailed most frequently would be made public by default.” In addition, those who opted out of Buzz were not excluded from the social network in its entirety; Buzz automatically enrolled them in certain features. And although Google offered a “turn off Buzz” toggle, certain features of the network remained active.
These violations prompted the FTC to issue settlement order–the first of its kind–requiring the company to implement a comprehensive privacy program. In addition, this is the first time the FTC has alleged violations of the privacy requirements of the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States.
The majority of complaints came from consumers whose email contacts were revealed via the social network. According to the probe, Buzz automatically made users’ top email contacts available to the public without giving adequate warnings that it would do so. In some cases public disclosures included “ex-spouses, patients, students, employers, or competitors emails addresses and contacts.”
This violated Google’s own privacy promise, which said subscribers, upon entering their information for a Google service, could expect Google to use that information only for the purposes of that particular service. In this case, Google used peoples’ email contact lists for the Buzz social network.
Google made an official apology today:
“The launch of Google Buzz fell short of our usual standards for transparency and user control—letting our users and Google down. While we worked quickly to make improvements, regulators—including the U.S. Federal Trade Commission—unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again. Today, we’ve reached an agreement with the FTC to address their concerns. We’ll receive an independent review of our privacy procedures once every two years, and we’ll ask users to give us affirmative consent before we change how we share their personal information.”
That didn’t seem like too much to ask for. It did, however, cost Google $8.8 million to settle with plaintiffs. Not to mention the bad PR.
The settlement is indicative of Google’s dilemma: it needs to be a bit more invasive to catch up with Facebook, who has snagged ad revenues; it also has faced numerous privacy complaints and lawsuits from all over the globe.
As the company looks to roll out its new social recommendation engine +1, which is built into the search engine, company engineers have striven to make the social components clear to consumers.
“If you wouldn’t feel comfortable telling your friends and broadcasting this to the world, then of course you don’t have to click the +1 button,” Matt Cutts, engineer with Google, told the NYT.