Google knew it had blown its own privacy rules with Google Buzz. That's why Google and the Federal Trade Commission (FTC) quickly agreed that Google would submit to third-party privacy audits for the next 20 years to settle allegations it misused users' personal information. Google wanted to take its punishment and move on.
The FTC had alleged that Google misrepresented its privacy claims because it led Gmail users to believe they could choose to join Buzz. Instead, Google Buzz, Google's first attempt at a social network, was integrated into Gmail. This resulted in Buzz users' e-mail contacts being made public. That didn't go over well.
By the end of March, Google has apologized for its blunder. Alma Whitten, Google's Director of Privacy, wrote, "User trust really matters to Google. That's why we try to be clear about what data we collect and how we use it-and to give people real control over the information they share with us."
She continued, "That said, we don't always get everything right. The launch of Google Buzz fell short of our usual standards for transparency and user control-letting our users and Google down. While we worked quickly to make improvements, regulators-including the U.S. Federal Trade Commission-unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again. Today, we've reached an agreement with the FTC to address their concerns. We'll receive an independent review of our privacy procedures once every two years, and we'll ask users to give us affirmative consent before we change how we share their personal information."
Whitten concluded, "We'd like to apologize again for the mistakes we made with Buzz. While today's announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward."
Under the settlement, Google has agreed to implement a comprehensive privacy program. Google also promised not to misrepresent its future privacy practices. Officially, "The settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years."
According to the FTC's Google order (PDF Link) the "Covered information" that Google must protect, shall mean information respondent collects from or about an identifier, such as IP address; (e) telephone number, including home telephone number and mobile telephone number; (f) list of contacts; (g) physical location; or any other information from or about an individual consumer that is combined with (a) through (g)"
The FTC also states that this is the first settlement that requires a company to maintain a comprehensive Internet privacy program. Now, if the FTC would only do something about Facebook and its user tracking ways...