Google's FTC privacy report unmasked

Google's FTC privacy report unmasked

Summary: Google defends its forthcoming privacy policy changes in a report to the FTC saying that no new data sharing will take place. One privacy agency says Google did not answer all the questions it was required to address.

TOPICS: Google, Legal, Security

Updated 1pm PST

Google's mandatory privacy compliance report to the Federal Trade Commission has been released under a Freedom on Information Act request and in it the search giant defends its forthcoming privacy policy changes.

Google says revisions to its privacy policy, due for release March 1, don't include any new sharing of data beyond what was permitted under the policy now in place. Google has been repeating that message since January 24th when its new policy was announced.

The company was required to file the report with the FTC as part of a consent order handed down in October as part of a settlement with the agency over privacy violations related to the rollout of Google Buzz in 2010.

On Friday, Google took the step of publicly releasing the report itself - providing a copy to the Politico web site - even though the Electronic Privacy Information Center (EPIC) had filed a Freedom of Information Act request to get the document. The FTC confirmed that it has not processed the FOIA request. In addition, sources also confirmed that Google did not request the report be sealed when it was submitted to the FTC.

The compliance report was made public under a FOIA request submitted by the Electronic Privacy Information Center (EPIC). EPIC filed the FOIA request on Feb. 1 and asked for an expedited delivery given the impending March 1 rollout of Google's privacy policy changes.

In a statement on its website, EPIC charges that Google failed to answer many of the questions as required by the consent order, and "most significantly, the company did not explain to the Commission the impact on user privacy of the proposed changes that will take place on March 1."

EPIC recently has been raising privacy concerns about Google (and Facebook) and last week filed a lawsuit against the FTC to compel it to enforce the Google consent order. The next day, a federal court granted EPIC's request to expedite the FTC's response to EPIC's concerns. The response is due Feb. 17.

The case has the potential to impact Google's rollout of its new privacy policy.

The consent order gave Google 90-days to file "a true and accurate report, in writing, setting forth in detail the manner and form in which respondent has complied with this order." In the report, Google addresses its newest policy plan revision and details the consolidation of its privacy policies down to one.

"No new or additional third-party sharing is permitted under this revised policy beyond that which would have been permitted under the prior policy." The report went on to say that the resulting effort to inform users of the change is the "largest user-facing notification effort Google has ever undertaken, for any reason."

The company outlines its self-proclaimed "aggressive notification process" for getting the word out to Google's users.

It also details privacy programs the company has undertaken, from high-level awareness classes to more targeted programs, including "Innovation in Privacy" training to help technical employees design products with privacy in mind.

The report is the first the company has filed with the FTC. Another is due in May that must be conducted by an independent third-party assessor. Google has selected PriceWaterhouse Coopers to perform that assessment pending approval by the FTC.

After the May report, Google must file an assessment and report every two years until 2031.

Topics: Google, Legal, Security


John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Pleading the fifth?

    [i]One privacy agency says Google did not answer all the questions it was required to address[/i]
    William Farrel
    • RE: Google's FTC privacy report unmasked

      @William Farrel - Probably a good bet. The Goog is only going to answer what it is forced to. Its in the information mining and advertising business. so.. business as usual.
  • RE: Google's FTC privacy report unmasked

    Google may be conducting an ???aggressive notification process??? for getting the word out to it's users but the elephant in the room is the fact that it knows the average user won't read any of it.

    I've read their new policy in it's entirety and get this...

    The only way to "opt-out" is to not login to ANY of their services!

    Yep, starting March 1, as soon as you login to any ONE of their services, you give them permission to get and use ALL your information from every Google service you use, from Gmail to Search (they have 60 services).

    Google owes every user a fully informed opt-in process, including a clear layperson's explanation of the downsides. That's why this petition was started on

    The only way to protect yourself is to be informed and make your voice heard.
    • RE: Google's FTC privacy report unmasked

      @OrganizingCoach Uhhh... if you're only using one google service, there is no other data from other services.
    • RE: Google's FTC privacy report unmasked

      @OrganizingCoach - What exactly do you want to "opt out" of? I mean, if you don't want Google to know anything about you - anything! - the only reasonable choice is to not use any of their services. Funny how that works. Or maybe you do know what you're talking about, and you want to use Google's services, but you also want them to keep each service in their own little box and not allow the boxes to talk to each other, because that's how it was before and change is bad. In that case, I don't really care what you think because clearly you're insane.
  • RE: Google's FTC privacy report unmasked

    Honestly, why is this being such a big deal? Really, I have read the privacy policies (both old and new), the old one was simply hard to understand, but it is the same thing as the new one. The new one simply merges them all into one, easy to understand document. If you don't like it, then now is the time to get out of Google services, although you are not agreeing to anything new. In fact this gives you more privacy than in some of the privacy policies for various Google services did in the past (especially Picassa, prior to this they could use your work for absolutely any reason and sell it to anyone they wanted to, now it will be limited).
  • RE: Google's FTC privacy report unmasked

    Am I missing something here in regards to what does this all mean in regards to the Android platform - also "owned" by Google.
    Will your phone calls be subject to data mining? Surfing on your tablet? This data is mined too?
  • Revisions to this report revealed

    It's nice that you show marked-out words that are deleted from the previous "copy" to the current version of this article, but it would be even better if you also were to show (as by underlining) what new words were added in creating the latest edition.