Two major corporations recently reached settlements over allegations of privacy violations. Google agreed to pay $7 million after the company’s Street View vehicles collected consumers’ personal information and Netflix finalized a $9 million deal in a consumer class action alleging violations of the Video Privacy Protection Act.
Google sent vehicles equipped with cameras around the country to collect images of addresses for its search feature. Unfortunately, the vehicles also gathered e-mails, passwords, and other sensitive information from wireless networks.
Thirty-eight state attorneys general launched a collaborative investigation that ended in March. While the company did not admit liability, it agreed to pay $7 million. In addition to the payment, Google will establish a privacy program within six months and provide privacy-related training for employees, including an annual privacy week event, periodic refresher courses, and the option to take privacy certification programs.
The company must also undertake an effort to educate consumers about privacy issues by placing ads in the largest newspapers in the participating states and creating a YouTube video explaining how individuals can protect themselves from a similar data grab by encrypting their data.
“We work hard to get privacy right at Google,” the company said in a statement about the deal. “But in this case we didn’t which is why we quickly tightened up our systems to address the issue.”
In a second high-profile settlement, Netflix received final judicial approval for a $9 million settlement to end a suit brought by a class of plaintiffs who alleged the company violated the Video Privacy Protection Act by storing their viewing history and financial information after they canceled their accounts.
Prior to a recent amendment backed by the company, the VPPA required video service providers to delete information about former users after one year. But Netflix maintained a “veritable digital dossier” of former subscribers, according to the suit, that included credit card numbers, billing and contact information, and a highly detailed account of their programming viewing history.
U.S. District Court Judge Edward J. Davila approved the settlement, which also requires Netflix to “decouple” rental history from former subscribers’ identification data within one year after the cancellation of service.
The company will pay approximately $6.5 million to 20 nonprofit groups and $2.2 million to the plaintiffs’ lawyers. Recipients of the settlement money are “not-for-profit organizations, institutions, and programs for the purpose of educating ‘users, regulators, and enterprises regarding issues relating to protection of privacy, identity, and personal information through user control, and to protect users from online threats,’” including the Electronic Frontier Foundation and the International Association of Privacy Professionals.
To read Google’s Assurance of Voluntary Compliance, click here.
To read the order granting approval to the Netflix settlement, click here.
Why it matters: Judge Davila granted approval to the settlement over objections from some users, who complained that they wanted Netflix to keep their data on file, while others expressed concern about class members not receiving any money. Given the estimated class of 62 million current and former Netflix subscribers, Judge Davila ruled that the settlement terms were “fair, adequate, and reasonable” because monetary distribution to the class would not be feasible. As for Google, the company settled with the Federal Trade Commission in 2011 over allegations that it abused users’ privacy when it launched the Buzz social networking feature. Last year Google paid a record $22.5 million to the FTC after the agency said the company breached the consent order by circumventing browser settings to track users’ browsing habits.