FTC to monitor Google privacy policies for 20 years
When the service launched, Gmail users were given the option to participate in Buzz, but weren’t told that the people they email most often would be listed publicly. Users that declined to participate were also apparently automatically enrolled into at least some of the Buzz features without their consent, according to the FTC.
“In response to the Buzz launch, Google received thousands of complaints from consumers who were concerned about public disclosure of their email contacts which included, in some cases, ex-spouses, patients, students, employers, or competitors,” the agency said. “The FTC charged that Google failed to disclose adequately that consumers’ frequent email contacts would become public by default.”
FTC officials added that Google had misled the public in regards to its privacy policies, and misrepresented its compliance with U.S. and E.U. Safe Harbor “or other privacy, security, or compliance programs.”
Google’s settlement with the FTC requires the company to first obtain users’ consent before sharing their information with other parties if it changes any of its products or services is such a way that it impacts personal privacy. It also requires Google to create a comprehensive privacy program, and to submit to third-party audits every two years for the next 20 years.
The deal marks the first time the FTC has ordered a company to implement a comprehensive privacy policy, and is also the first time the agency has claimed a company’s privacy policies violate the Safe Harbor Frameworks.
“When companies make privacy pledges, they need to honor them,” said FTC chairman Jon Leibowitz. “This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations.”