Google has agreed to settle a complaint from the U.S. Federal Trade Commission charging the company with using deceptive tactics and violating its own privacy promises to consumers when it launched its social network, Google Buzz.
The proposed settlement, announced Wednesday, bars Google from future privacy misrepresentations, requires the company to implement a comprehensive privacy program and requires independent privacy audits for the next 20 years, the FTC said in a news release.
This is the first time an FTC settlement order has required a company to implement a comprehensive privacy program to protect consumers' information, the FTC said.
"When companies make privacy pledges, they need to honor them," Jon Leibowitz, chairman of the FTC, said in a statement. "This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations."
When it launched Buzz in early 2010, Google used personal data from its Gmail product to populate Buzz, without getting permission of Gmail users. In some cases, Google shared personal information with Gmail users' ex-spouses, employers and doctors, said Jessica Rich, deputy director of the FTC's Bureau of Consumer Protection.
"Gmail users signed onto their e-mail one day, and found they were participating, often unwittingly and unwillingly, in a new social network based on their most frequent e-mail contacts," Rich said. "Google did this even though its own privacy statement pledged that it would use information collected from Gmail users to operate Gmail, and that it would get consent from users prior to using the data for any other purpose."
Google apologizes for the mistakes it made with Buzz, Alma Whitten, Google's director of privacy, product and engineering, wrote in a blog post on Wednesday.
Google recently improved its internal privacy procedures, Whitten wrote. "That said, we don't always get everything right," she wrote. "The launch of Google Buzz fell short of our usual standards for transparency and user control -- letting our users and Google down."
Google is "100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward," Whitten added.
The settlement does not include a fine, but it will provide "significant protections" for Google users, Rich said. The settlement requires Google to review the privacy implications of its current and future products and requires the company to review its privacy policies, she said.
In addition, Google must hire an outside auditor to review its privacy practices every other year for 20 years. The settlement will create "substantial costs" for Google, Rich said.
On the day Buzz launched, Gmail users received a message announcing the new service, the FTC said. They were given two options: "Sweet! Check out Buzz," or "Nah, go to my inbox."
Some users that clicked on "Nah" were enrolled in some features of Buzz, the FTC alleged. Users who opted into Buzz were not adequately informed that the identity of people they e-mailed most frequently would be made public by default, the FTC alleged.
In addition, Google's "Turn Off Buzz" option did not fully remove users from the social network, the FTC alleged.
Google made changes to Buzz within days, after the company received "thousands" of complaints from users, the FTC said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.