Google cops a plea with FTC on Privacy violations

Google cops a plea with FTC on Privacy violations

Summary: The FTC has settled its privacy case against Google. Google is to have its privacy management monitored for next twenty-years.


FTC Seal

FTC Seal

Google knew it had blown its own privacy rules with Google Buzz. That's why Google and the Federal Trade Commission (FTC) quickly agreed that Google would submit to third-party privacy audits for the next 20 years to settle allegations it misused users' personal information. Google wanted to take its punishment and move on.

The FTC had alleged that Google misrepresented its privacy claims because it led Gmail users to believe they could choose to join Buzz. Instead, Google Buzz, Google's first attempt at a social network, was integrated into Gmail. This resulted in Buzz users' e-mail contacts being made public. That didn't go over well.

By the end of March, Google has apologized for its blunder. Alma Whitten, Google's Director of Privacy, wrote, "User trust really matters to Google. That's why we try to be clear about what data we collect and how we use it-and to give people real control over the information they share with us."

She continued, "That said, we don't always get everything right. The launch of Google Buzz fell short of our usual standards for transparency and user control-letting our users and Google down. While we worked quickly to make improvements, regulators-including the U.S. Federal Trade Commission-unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again. Today, we've reached an agreement with the FTC to address their concerns. We'll receive an independent review of our privacy procedures once every two years, and we'll ask users to give us affirmative consent before we change how we share their personal information."

Whitten concluded, "We'd like to apologize again for the mistakes we made with Buzz. While today's announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward."

Under the settlement, Google has agreed to implement a comprehensive privacy program. Google also promised not to misrepresent its future privacy practices. Officially, "The settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years."

According to the FTC's Google order (PDF Link) the "Covered information" that Google must protect, shall mean information respondent collects from or about an identifier, such as IP address; (e) telephone number, including home telephone number and mobile telephone number; (f) list of contacts; (g) physical location; or any other information from or about an individual consumer that is combined with (a) through (g)"

The FTC also states that this is the first settlement that requires a company to maintain a comprehensive Internet privacy program. Now, if the FTC would only do something about Facebook and its user tracking ways...

Related Stories:

Google settles with FTC over Buzz; Privacy policies to be audited for two decades

Google steps up its privacy game, launches Good To Know

Facebook sued for violating wiretap laws with tracking cookies

A case against online privacy

Google+ pseudonym support is coming soon

Topics: Enterprise Software, Google, Legal, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: Google cops a plea with FTC on Privacy violations

    This would be news if it was Facebook, but sadly it's not.
    Home Grown IT
    • RE: Google cops a plea with FTC on Privacy violations

      @Home Grown IT
      At least Facebook doesn't take contact lists and pop them up on a public website, without consent, without notification, and without opting-in to anything.

      Facebook's position is that if you enter your address, for example, that you own the address. As the person who owns the address, you can decide which of your friends can see it, and you can decide if they're able to exchange it with individual third party applications. That's been their position, you entered the address, you shared it, but it remains "yours."

      Google's position is rather different. If you want to export your contact list -- inclusive of the information that they provided to Google -- and upload it to some third party site that specializes in spamming (export your contact list, and we'll send you a free XBox), they not only allow it -- but encourage it.

      One point in Facebook not deleting anything is that there are two sides to most everything on Facebook. For example, lets say you're conversing with a friend via wall posts. Do you own those posts? If your account is deleted, do you delete them? Or does the other user own them? Should your picture disappear -- because it wouldn't in an e-mail, for example.

      If the messages do remain, in the other person's list -- who controls the visibility on them? When you had your account, you got to say how visible the messages could be, so who gets to decide it now that you deleted your account?

      This is what creates those "shadow profiles" too. You can tag someone in a photo, most tagging systems allow custom tags. Unless you disallow custom tags entirely, it seems to me that there is not a way to successfully eliminate the "shadow profile." And they're right -- if someone's tagged you in photos, and you create an account, your visibility settings *should* apply equally to historic photos.

      I mean there are certainly issues with how Facebook does things, and don't get me wrong, but the bigger issue is how social networking and Internet in general wants to deal with the issues.

      It's similar to Chrome bringing back HTML Applications that work almost identically to Microsoft's 1998, despised, spec but getting acceptance because it's Google. Or their theory of using the web browser as the primary computer OS in ChromeOS -- something we already told Microsoft they couldn't do. Oh, but it's Google -- it's not like they're burying pages in results, and weighing pages with adwords higher than without. Best Buy has the Google ads on their site, directing to competing sites selling the same products, because they'd rather earn a penny and have someone buy a thousand dollar television off another site than sell the TV themselves. And yeah, putting adwords on your site definitely impacts page rank, by a significant margin.

      And of course, when you have a definitive site -- say for Windows stuff -- that should appear on the second page of search results, and not as -- say -- the first link.

      It's interesting, if I search for Google stuff on Bing, Google's the first hit. If I search for Oracle's stuff on Bing, Oracle is the first hit. If I search for Apple's stuff on Bing, Apple is the first hit. If I do the same on Google, the same thing isn't true.

      That's not to say "I never use Google" -- because I do -- but realistically, we all know they have humans editing page rank, and they've openly admitted to that (finally). We know that it is not all algorithmic, and that they are intentionally weighting sites that they favor higer. We also know that they are contributing massively to candidates of both parties, including directly competing candidates, in order to further their agenda.

      This settlement is a blow for 100% of the consumers not just in America, but world wide who have to deal with Google. Google makes the Microsoft of the mid80's and early 90's look like a choir boy.
      • RE: Google cops a plea with FTC on Privacy violations

        Do you work for Microsoft? Your rant has less facts than Microsoft sponsored

        Frank Shaw can sum up your whole memo into one word.
      • RE: Google cops a plea with FTC on Privacy violations

        @davebac <br>"Or their theory of using the web browser as the primary computer OS in ChromeOS -- something we already told Microsoft they couldn't do. Oh, but it's Google"<br><br>Yes, Google is controlling our minds!<br><br>I'd respond to the rest of your comment, but I feel like I might be giving Microsoft a reason to keep you on their payroll. How about you post some links so people can verify that you aren't a MS paid troll.
      • RE: Google cops a plea with FTC on Privacy violations

        @davebac <br>As for what facebook is doing. I don't want to go into a long rant based purely on speculation (ie I don't work for Microsoft), but I would like to see a privacy audit so that I can know the facts. All I know is that when I go into a 3rd party site and see pics of my friends from facebook; it kind of creeps me out.
    • Google cops a plea with FTC on Privacy violation (Tim Rooy - New Zealand)

      Stanley Benn believes: "that it is ethically important to have privacy as it pertains to freedom and control. It is therefore important for everyone to own their own personal identity, so they can properly own themselves".<br>This paper aims at addressing three major issues mentioned in the extract above, namely: The misuse of personal information, misrepresentation of privacy law to obtain information and lure users into a product without freedom of choice, and obtaining permission to share personal information.<br>The misuse of personal information in itself can be viewed as taking control of someone else. But let's debate this. Google Buzz is a product of Google which is in direct competition with Twitter and Facebook, Google's early version of their privacy policies did not explicitly cover the fact that they could use personal information of users and browsers to the extent that it did. But is it really the issue? Can we say that it is not the breaking of the U.S. -EU Safe Harbour Framework that is at issue, because that has legal implications, but that we can view this as a moral dilemma? If we see Google Buzz as a competitor to Twitter and Facebook, and Google used the information of its users and browsers for its own personal gain, then they have used people as a "means to an end" and not seen their users/browsers/people as the end in itself. Although there is a legal implication that they had broken the law they had also used people for personal gain, to promote their product and take clients from Twitter and Facebook. <br>Misrepresenting Privacy Law to obtain information and lure users into a product with freedom of choice has both legal and moral implications. It is firstly in direct contradiction with the Privacy Act, but also dehumanises the users. Once again I feel it better that we address the moral implications associated with Freedom of choice. The only freedom that anyone really has is choice. This is not an opportunity to get stuck into a "Pro Life" or "Pro Abortion" debate, but rather that we see it as a God given right for every human to choose his or her own destiny. Unless freedom of choice is in direct conflict with another person freedom of choice, or it breaks a fundamental rule like the protection of life because one chooses to murder another, everyone should be allowed to exercise that right to freedom. Denying anyone that freedom of choice is to deny them access to their own lives. The actions of Google can very much be viewed as that of a dictator. Google removed the right of freedom of choice from its users and decided what they believed was best for them, which ultimately also happen to meet their needs.<br>Obtaining permission to share personal information is to ask someone to trust that you will use that information in the best way possible without taking control of their lives. To tale control of someone life and to share his/her information without consent is a form of enslaving them, to be lord and master over them. The description given for the sharing of personal information is given as: "Information or data privacy, is the synergy between data collection, and dissemination, technology, public expectation of privacy, and the legal and political issues surrounding them. Privacy concerns exist wherever personally identifiable information is collected and stored. Privacy issues exists where disclosure control is weak or non-existant. Data privacy issues can arise in response to information from a wide range of sources, such as; Healthcare and Criminal justice record and investigations and proceedings, Financial records, Biological and genetic material, Residetial records, etc. <br>The challenge in data privacy is to share data while protecting personally identifiable information. The fields of data security and information security design and utilize software, hardware and human resources to address this issue." <a href="," target="_blank" rel="nofollow">,</a> retrieved Monday, 23 January 2012<br>Let us consider for one moment that you are surfing the internet trying to find out all you can about the discovery work in a specific medical field because you have recently discovered that your child has been diagnosed with a rare disorder. Sometimes information like this is kept amongst close family members and not shared with a wider audience. All of a sudden your inbox is flooded with spam on all sorts of promotions for prescription drugs ranging from hair loss to erectile dysfunction. How would you feel if your searches on the internet and the information your provided to seek help for your ailing child, was passed onto others without your approval because it was seen as an opportunity to make a profit?<br>When we apply it in a moral context we can say that even if these spam mails that you have received leads to a good outcome, the initial reason behind you receiving these mails was deceitful. <br>To hold personal information of people is to assume the responsibility of custodian and it should not be used without the permission of the individual.
  • FB's violations are multiple, but not so blatant at the first glance

    The subject.
  • Facebook?

    Uh, yeah, excuse me. Why is Facebook not getting the same treatment?
    Every time they change their privacy policy and slip the rug out from under your feet without asking, it's essentially the same as what Google did ONE time, and Google's getting 20 YEARS of government on it's back while Facebook gets nothing.
  • Privacy misrepresentation

    "The settlement bars the company from future privacy misrepresentations, ..."

    Are other companies not barred from privacy misrepresentations? Surely the wording of this is not well thought out.
    • Rulings like this are expected to be lessons to other companies that are

      in the same situation regarding customers' information and privacy concerns. If the others don't take heed, the ruling will be used as prior case against them if they also violate the privacy of their users. I'm pretty sure that Facebook took notice of the ruling, and so did Microsoft and others who depend upon users handing them their personal information. But, if a person feels violated, then a case won't be heard until a lawsuit is brought to court or to a corresponding federal agency. It's somewhat similar to a case where someone breaks into a house, and steals some valuables from that house. It's already illegal to break into homes and to steal. But, the case won't be heard until the person is caught and charged.
    • RE: Google cops a plea with FTC on Privacy violations

      @pwatson This is very uncharacteristic for Google. Not cool at all
  • No surprise that Google gets off scot-free

    By arranging to have Tim Wu, chair of Google lobbying group Free Press, installed at the FTC -- a fox in a hen house -- Google assured itself that it would get off with a slap on the wrist. Now watch as the FTC is much more harsh with Google's competitors.
    Anne Nonymous
    • RE: Google cops a plea with FTC on Privacy violations

      @Anne Nonymous
      I'm watching. It doesn't seem the US is doing anything about Facebook unlike Europe

      ..... but Google controls the FTC; that's impossible

      ...... maybe the FTC is more powerful in Europe. That must be it.
  • The power of the FTC for good

    Hopefully people realize how big this is. The FTC has just forced the world's largest Internet company to submit to 20 years of privacy and security oversight (you can't have privacy without security and if you ask previous FTC settlement companies, CVS, Eli Lilly, Microsoft, they will tell you complying with this is a BIG deal).

    That oversight comes on top of a requirement to do a complete privacy audit and overhaul.

    And the language about "future misrepresentations" means that large, and largely automatic, fines will kick in if Google executes another buzz-style screw-up any time in the next two decades.

    You can bet Facebook is watching this very closely. The FTC does not care how big or popular you are. They socked Microsoft with a consent decree that fundamentally changed the way the company did business. Every decision Google makes which touches upon user data -- which the FTC has now defined very broadly relative to previous American laws -- will now have to be scrutinized internally and likely checked against outside counsel.

    You know Facebook does not want that. So I predict it will make a difference to FB, even if the FTC does not go ahead with a case against FB (it has been getting a lot of pressure to bring a case but has not yet reached a decision AFAIK).

    I think the FTC deserves a round of applause -- it is one part of Washington that seems to be working.