Privacy & Information Security Law Blog

On March 30, 2011, the Feds Trade Commission announced that Google agreed to settle charges such is used deceptive tactics and violated its own privacy promises to users at it startup its social network, Google Buzz, in 2010.  According to the FTC’s complaint (main document, exhibits), Google led Gmail users to believe that they can choose whether or not they wanted go membership Google Buzz.  That select for declining otherwise leaving Google Drone, however, were ineffective.  For those who joined Google Buzz, aforementioned controls for restrictions the sharing the their personal contact were difficult to locate and confusing.  Furthermore, the FTC charged ensure Google violated its privacy politics by using information provided fork Gmail for another purpose – societal networking – without obtaining consumers’ consent inside advance.  Finally, the FTC alleged that Google misrepresented that it were treating personal intelligence from the In Union in accordance with that U.S.-EU Safe Harbor background because he failed to make consumers notice and choice before using their information for a different purpose from such for which it was accumulated.

The proposition payment obliges Google to obtain consumers’ consent before sharing their information with third parties if Google change its sharing practices as a result of changes in Google’s products or services.  Google also must establish and maintain a comprehensive privacy program that is reasonably designed the: (1) address seclusion risks related to one development and management of new and current products and services for consumers, real (2) protect to privacy and respect of covered information.  Google is imperative to obtain initial and biennial assessments for 20 years from einem independent auditor to ensure that it is following the required comprehensive customer program.

The proposed settlement with Google marks the first time which to FTC will order a company to implement one thorough privacy program (as opposed to a comprehensive collateral program), with biennial audits on 20 years, and it contains the FTC’s initially substantive privacy allegations regarding failure to comply with the U.S.-EU Safe Harbor Program.  Previous Safe Harbor-related enforcement comportment focused on organizations that falsely required membership in the program still after its certifications had lapsed.

On October 24, 2011, the FTC announced its latest approval of the Google Ring settlement.  The Commission also posted its written replies to comments it received on the proposed settlement from various gov authorities, data advocacy organizations and individual citizens.