Google Settles FTC Charges, Faces 20 Years of Privacy Audits

Lora Bentley
Slide Show

Six Privacy Principles Google Forgot

I thought Google had resolved the inquiries surrounding its Buzz service awhile ago. Like November. But it turns out only the lawsuits were settled in November. Federal Trade Commission charges that arose out of the Buzz privacy problems were settled Wednesday, according to The Washington Post.


The charges result from a complaint filed by the Electronic Privacy Information Center when Buzz launched. At the time, EPIC alleged Google's use of Gmail users' information in Buzz

violated user privacy expectations, diminished user privacy, contradicted Google's own privacy policy, and may have also violated federal wiretap laws.

According to a statement announcing both the charges and settlement agreement, the FTC found that "Google used deceptive tactics and violated its own privacy promises to consumers" when Buzz launched, and that such deceptive practices violated both the FTC Act and the U.S.-EU Safe Harbor framework.


Under the terms of the settlement, Google must undergo an independent audit of its privacy practices every other year for 20 years. The company must also adopt a "comprehensive privacy program" and must not misrepresent the privacy of user information or compliance with the Safe Harbor framework. If Google plans to use information differently than in the manner disclosed when it first collected the information, users must consent to the change in plans.


The charges mark the first time the FTC has charged noncompliance with the Safe Harbor agreement, as well as the first time it has imposed a long-standing independent privacy audit requirement. (The UK imposed a similar audit requirement following its investigation into Google's "inadvertent" collection of private Wi-Fi data while ramping up its Street View program there.)


The action comes on the heels of renewed government interest in online privacy. U.S. officials are currently pushing for the nation's first comprehensive privacy legislation.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.