March 30, 2011

Google Settles with FTC over Buzz Complaints (or: Much Ado About Little)

Greetings. Google has reached a settlement with the Federal Trade Commission over complaints related to their launch of Google Buzz last year.

The main features of this settlement are:

- requiring that Google obtain users' consent before sharing their information with third parties if Google changes its products or services in a way that results in information sharing that is contrary to any privacy promises made when the user's information was collected

- requires Google to establish and maintain a comprehensive privacy program

- requires that for the next 20 years, the company have audits conducted by independent third parties every two years to assess its privacy and data protection practices

Some observers have also suggested that Google's accidental collection of data from unencrypted, completely open Wi-Fi networks would have been considered to be a violation of such a settlement, resulting in fines of up to $16,000 per violation.

Google's blog posting regarding the settlement is here: (Official Google Blog)

The FTC's statement is here: (FTC)

My primary blog postings (both from February 2010) related to the Buzz launch were:

"'Google Buzz' -- and the Risks of 'Automatic Friends'"":


"The Google Buzz Launch -- and the Limits of Downing Dogfood":

In the first of my postings referenced above, I noted my concerns about the way default "friends" were assigned in Buzz, but I also pointed out that sharing itself was not forced on Gmail users, and in an update a few days later noted that Google had moved very rapidly to alter those settings in ways that appropriately addressed the concerns.

In the second posting, I speculated on the possible genesis of the Google Buzz launch issues, and noted the mass of hate mail I received for daring to publicly suggest that Google was indeed addressing Buzz concerns in a reasonable way.

My blogged thoughts on the vastly overblown Google Wi-Fi controversy are outlined in:

"Google's Wi-Fi Crucifixion, an Open Mike, and Public Is As Public Does"


"'Highly Illogical': The Hysteria Over Google's Wi-Fi Scanning"

As for the FTC settlement itself ... Google already spends a great deal of time and effort on privacy issues, but just as I've long argued for some sort of more formal Google "Ombudsman" or other more structured user contact apparatus, e.g. in my Google Ombudsman blog postings such as: -- a more formal privacy structure (perhaps even combined with an ombudsman-type system of some sort) will likely be a win-win for both Google and its users in the long run. There are many other large firms that already have more structured privacy/ombudsman frameworks, and they have usually served well.

Independent external privacy audits, and affirmative consent before changing key privacy provisions are good practices in any case, especially for substantial enterprises.

Yet I can't help but question the singling out of Google for such requirements given the relatively minor nature of the transgressions under discussion, while much more serious "privacy problems" by other firms have often been dismissed with merely a nod and a wink. Without casting aspersions on the FTC, it seems clear that much of the loudest complaining brouhaha regarding the Buzz launch was driven by traditional anti-Google elements, both obvious and of the hidden, insidious "astroturf" variety.

Overall, the settlement terms largely represent practices that can be viewed as good policy, and don't seem unreasonably onerous or drastically punitive.

However, I hope that in the future the application of such requirements will be considered appropriate as a matter of course for at least all large firms that deal with consumer information, and that relatively minor errors, purposely blown out of proportion by vested interests, not be the apparent primary impetus for regulatory actions in these areas.


Posted by Lauren at March 30, 2011 12:14 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein