FTC consumer privacy settlement over Google Buzz includes EU Safe Harbor violations

The Federal Trade Commission settled deceptive practices charges against Google relating to the rollout of the Google Buzz social network in 2010, including charges that Google violated the substantive requirements of the EU -U.S. Safe Harbor agreement. The FTC charged that the procedures for allowing users of the Google Gmail service to opt out of Buzz were confusing, difficult to find, and ineffective. Additionally, the FTC charged that requiring users to opt out of the network rather than opt in violated statements in its previously posted privacy policy. The consent agreement bars Google from misrepresenting the privacy or confidentiality of users' personal information or misrepresenting compliance with the EU-U.S. Safe Harbor requirements or other privacy or security programs. Google also must obtain user consent prior to sharing information with third parties in a way contrary to previously posted privacy promises. Finally, the settlement further requires Google to establish and maintain a comprehensive privacy program, and it requires that for the next 20 years the company have biannual audits conducted by independent third parties to assess its privacy and data protection practices.

In re Google, Inc., FTC File No. 102 3136 (Mar. 30, 2011) Press Release

Editor’s Note: Further discussion of the FTC settlement with Google is available on the Proskauer Privacy Law blog.