Google, FTC Settle Privacy Case

Search giant Google Inc (NASDAQ:GOOG) has settled with U.S. regulators investigating privacy problems that cropped up in its botched roll-out of social network Buzz, the Federal Trade Commission said Wednesday.

Under the deal, Google agreed to have independent privacy audits every two years for the next 20 years.

"This order technically applies only to Google but we think that many of the provisions of the order are good business practices" that the rest of the industry should follow, said Jessica Rich, deputy director of the FTC's Consumer Protection Bureau.

Launched in February 2010 to compete with Twitter, Buzz initially used its Gmail customers' email contact lists to create social networks of Buzz contacts that the rest of the world could see, which led to an uproar.

Google quickly changed the settings so that contacts were kept private by default. Analysts generally consider the product a flop.

"It's a big deal," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which filed the original complaint about Buzz with the FTC.Rotenberg said that although Google has a privacy policy already, the order will mean that it will have to be improved.

"I think they were overly aggressive. I think they basically decided that they were going to convert their Gmail users to a social network overnight," said Rotenberg.EPIC's complaint included stories of people who were signed up to Buzz along with people they did not want to be connected with -- in one case an abusive ex-husband.

But a person familiar with the matter said that privacy policy improvements they have already made largely satisfied the requirement for a comprehensive privacy policy referenced in the settlement.

Google tightened its privacy policy in the wake of revelations that Google's Street View cars, which take panoramic pictures of city streets, inadvertently collected data from unsecured wireless networks in more than 30 countries.

Google initially said that information was limited to "fragments" of unencrypted data but later acknowledged that the cars actually collected more extensive information, including complete emails and passwords.

The U.S. Federal Trade Commission closed its investigation into the issue, which was also probed by the governments of Britain, France, Singapore and Switzerland, among others.

The big difference is that now Google's privacy behaviors will be evaluated by a third-party every two years, the source said.

That audit will not be made public, the FTC said.

The FTC charged that Google was deceptive in leading its Gmail customers to believe that they could decline to participate in Buzz. Those who declined were still included in certain Buzz features.

"For users who joined the Buzz network, the controls for limiting the sharing of their personal information were confusing and difficult to find," the FTC said in a statement.

Under the settlement, if Google makes assertions about how a customers' private data will be treated it must get their consent before shifting to a less restrictive privacy policy.

"This is a 20-year order, and if they don't comply with the order they can be subject to (a) $16,000 (fine) per violation," added Rich.

Google apologized for the Buzz botch in a blog post Wednesday, and pledged not to repeat the error.

"The launch of Google Buzz fell short of our usual standards for transparency and user control -- letting our users and Google down," wrote Alma Whitten, director of privacy, product and engineering.

"We'll receive an independent review of our privacy procedures once every two years, and we'll ask users to give us affirmative consent before we change how we share their personal information."

(Reporting by Diane Bartz and Alexei Oreskovic, editing by Gerald E. McCormick, Tim Dobbyn and Matthew Lewis)