Google has agreed to ask users before the company changes how it shares their information. | REUTERS FTC steps on Google's Buzz

Federal regulators are ordering Google to submit its entire online empire to periodic privacy checkups following privacy breaches that hampered its Buzz network last year.

The penalties come in the form of a settlement – brokered by the Federal Trade Commission, with Google’s agreement – and would spare the company from a stiff fine.


But it’s a critical shot across the bow from Washington, and would subject Google to intense federal scrutiny for two decades at a time when all of its privacy policies are already under a political microscope.

“When companies make privacy pledges, they need to honor them,” said Jon Leibowitz, chairman of the FTC, in a statement. “This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations."

The full FTC must still vote to approve the settlement, which is likely to happen in May.

Calls for federal probes into Google are hardly new, but the flap involving its Buzz network began last February. At issue, initially, was the manner in which Google set up the service: Users of its popular Gmail system were automatically signed up for Buzz, and their address books instantly became their new friend lists.

That peeved many in the industry, including the Electronic Privacy Information Center, which felt exposure of a user’s contacts could create a host of serious privacy pitfalls — jeopardizing journalists’ sources, for example, or exposing human rights activists. Even as Google apologized for its mistakes, EPIC filed a complaint with the FTC – triggering a months-long process, according to sources familiar with the review. That ended with Wednesday’s settlement.

Under the settlement, Google will submit to independent reviews of its privacy policies every two years, for up to 20 years. It’s an unprecedented penalty, as it subjects not only Gmail and Buzz but all of its services to outside scrutiny by an independent privacy auditor.

That would cover, for instance, privacy flaps similar to a mishap last year during which its Street View cars intercepted data transmitted over private Wi-Fi networks.

“This order would cover the type of conduct that was … in the Google Wi-Fi incident,” said Jessica Rich, deputy director of the FTC’s Bureau of Consumer Affairs.

The order further requires Google to review its own policies, and mandates the company obtain users’ permission before launching a feature similar to Buzz. It also bars them from misrepresenting privacy practices – an order the FTC said would be actively monitored for 20 years. Failure to comply, agency officials said Wednesday, could then subject Google to stiff fines.

For its part, Google stressed in a blog post that “trust really matters,” and acknowledged it didn’t get “everything right” with Buzz.

“We’d like to apologize again for the mistakes we made with Buzz. While today’s announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward,” wrote Alma Whitten, Google’s director of Privacy, Product and Engineering.

The settlement is likely to win some praise among groups that have long called on federal regulators to crack down on the company for its privacy record. It arrives as federal agencies like the FTC along with members of Congress are increasingly bearing down on the ways Web companies collect, use and publish their customers’ most sensitive information.

This article tagged under: Privacy

Google

FTC