Google Buzz, the social network built into Gmail, has faced its share of complaints regarding automatic opt-ins and privacy issues. Last year, Google settled a class action suit by contributing to a fund for organizations involved in internet privacy and education. Today, the Federal Trade Commission released a statement detailing its own accusations against Google Buzz and outlining an agreement reached with the company.
The abstract of the statement is that Google violated its own privacy policies and used ‘deceptive tactics” when it launched Google Buzz in 2010. According to the FTC, when Buzz was integrated into Gmail, users were not given a good enough explanation about how the new social network would operate. Specifically, controls for limiting the share of personal information were hard to find and trying to leave the network all together was confusing and sometime ineffective.
According to the FTC, Google opted users into the program automatically, even if the user thought he had opted-out. They were also concerned with the sharing of users’ email contacts as a default operation of enrollment:
When Google launched Buzz, its privacy policy stated that “When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.” The FTC complaint charges that Google violated its privacy policies by using information provided for Gmail for another purpose – social networking – without obtaining consumers’ permission in advance.
The agency also alleges that by offering options like “Nah, go to my inbox,” and “Turn Off Buzz,” Google misrepresented that consumers who clicked on these options would not be enrolled in Buzz. In fact, they were enrolled in certain features of Buzz.
The complaint further alleges that a screen that asked consumers enrolling in Buzz, “How do you want to appear to others?” indicated that consumers could exercise control over what personal information would be made public. The FTC charged that Google failed to disclose adequately that consumers’ frequent email contacts would become public by default.
Whoops.
The settlement reached disallows Google to make any future privacy misrepresentations (duh), forces them to implement a comprehensive privacy program and subjects them to privacy audits from an independent firm for the next 20 years. Interestingly, “this is the first time an FTC settlement order has required a company to implement a comprehensive privacy program to protect the privacy of consumers’ information.”
“When companies make privacy pledges, they need to honor them,” said Jon Leibowitz, Chairman of the FTC. “This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations.”
On the official Google blog, the company states that although they are big on privacy, sometimes they just don’t get it right:
We’d like to apologize again for the mistakes we made with Buzz. While today’s announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward.