On March 30, the FTC announced that Google had settled charges that it engaged in deceptive tactics and violated its own privacy promises when it launched its social network called Buzz. The FTC stated that this is the first FTC settlement in which a company agreed to implement a comprehensive privacy program to protect the privacy of consumer data. Google also agreed to independent privacy audits for the next 20 years.

According to the FTC complaint, when Google launched its Buzz social network through its Gmail web-based email product, it led Gmail users to believe that they could choose whether or not they wanted to join the network. However, the FTC claimed that the options for declining or leaving the social network were ineffective, confusing and difficult to find, and the disclosures about what information would be shared were inadequate. In response to the Buzz launch, Google received thousands of complaints from consumers who were concerned about public disclosure of their email contacts which included, in some cases, ex-spouses, patients, students, employers, or competitors.

When Google launched Buzz, its privacy policy stated that "When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use." The FTC complaint charges that Google violated its privacy policies by using information provided for Gmail for another purpose - social networking - without obtaining consumers' permission in advance.

The FTC also alleged that Google misrepresented that it was treating personal information from the European Union in accordance with the U.S.-EU Safe Harbor privacy framework. The complaint alleges that Google's assertion that it adhered to the Safe Harbor principles was false because the company failed to give consumers notice and choice before using their information for a purpose different from that for which it was collected.

FTC Claims Endorsements by Affiliate Marketers Are Deceptive

The Federal Trade Commission announced that Nashville-based Legacy Learning System and its owner agreed to settle charges that it deceptively advertised its guitar lesson DVDs through online affiliate marketers who falsely posed as ordinary consumers or independent reviewers.

According to the FTC's complaint, Legacy Learning used an online affiliate program, through which it recruited "Review Ad" affiliates to promote its courses through endorsements in articles, blog posts, and other online editorial material, with the endorsements appearing close to hyperlinks to Legacy's website. In exchange for posting reviews, affiliates received substantial commissions on the sale of each product resulting from referrals. According to the FTC, such endorsements generated more than $5 million in sales of Legacy's courses.

The FTC charged that Legacy Learning disseminated deceptive advertisements by representing that online endorsements written by affiliates reflected the views of ordinary consumers or "independent" reviewers, without clearly disclosing that the affiliates were paid for every sale they generated.

The FTC's revised guidelines on endorsements and testimonials, issued in 2009, explain that someone who receives cash or in-kind payment to review a product or service should disclose the material connection between the reviewer and the seller of the product or service. The FTC suggests that advertisers using affiliate marketers to promote their products should put in place a reasonable monitoring program to verify that those affiliates follow the principles of truth in advertising.

Under the proposed settlement, Legacy Learning will pay $250,000. In addition, they have to monitor and submit monthly reports about their top 50 revenue-generating affiliate marketers, and make sure that they are disclosing that they earn commissions for sales and are not misrepresenting themselves as independent users or ordinary consumers. Legacy Learning also must monitor a random sampling of another 50 of their affiliate marketers, and submit monthly reports to the FTC about the same criteria.

Company Using Cookies Alleged to Have Honored Opt-Out Only for 10 Days

The FTC announced that online advertising company Chitika, Inc. agreed to settle charges that it engaged in deceptive advertising by tracking consumers' online activities even after they opted-out of online tracking on Chitika's website.

According to the FTC's complaint, Chitika buys ad space on websites and contracts with advertisers to place small text files (cookies) on those websites. The FTC alleged that in its privacy policy the company says that it collects data about consumers' preferences, but allows consumers to opt out of having cookies placed on their browsers and receiving targeted ads. The privacy policy includes an "Opt-Out" button. Consumers who click on it activate a message that states, "You are currently opted out."

According to the FTC, Chitika's opt-out lasted only 10 days. After that time, Chitika placed tracking cookies on browsers of consumers who had opted out and targeted ads to them again. The FTC charged Chitika's claims about its opt-out mechanism were deceptive and violated federal law.

The settlement bars Chitika from making misleading statements about the extent of data collection about consumers and the extent to which consumers can control the collection, use or sharing of their data. It requires that every targeted ad include a hyperlink that takes consumers to a clear opt-out mechanism that allows a consumer to opt out for at least five years. It also requires that Chitika destroy all identifiable user information collected when the defective opt-out was in place. In addition, the settlement requires that Chitika alert consumers who previously tried to opt out that their attempt was not effective, and they should opt out again to avoid targeted ads.

FTC Finalizes Settlement with Twitter over Security of Personal Information

In June 2010 the FTC announced a proposed settlement with Twitter resolving charges that Twitter deceived consumers and put their privacy at risk by failing to safeguard their personal information. The FTC alleged that serious lapses in the company's data security allowed hackers to obtain unauthorized administrative control of Twitter, including both access to non-public user information and tweets that consumers had designated as private, and the ability to send out phony tweets from any account.

Under the terms of the final settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of non-public consumer information, including the measures it takes to prevent unauthorized access to non-public information and honor the privacy choices made by consumers. The company also must establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.