Press Releases & Advisories
01 April 2011
Advisory: Significant Privacy Enforcement Seen in FTC Consent Order Regarding Privacy Violations in Google Buzz Launch
On March 30, 2011, Google Inc. ("Google") agreed to settle charges before the Federal Trade Commission ("FTC") of privacy violations and deceptive tactics stemming from Google’s launch of its Google Buzz social network in 2010.
The proposed consent order requires Google to obtain users’ express consent before using or sharing their personal information in any way differing from any privacy promises made when the information was collected. Google is barred from future privacy or confidentiality misrepresentations regarding the collection and use of personal information and consumers’ control over collection, use, or disclosure of their personal information. Google is also prohibited from misrepresenting its compliance with governmental privacy and security programs, including the U.S.-EU Safe Harbor Program.
Most notably, the proposed consent order requires Google to establish and maintain a comprehensive privacy program addressing privacy risks in new and existing product/service development and management and protecting the privacy of covered information, and to submit to biennial privacy monitoring by an independent professional for the next 20 years. FTC Commissioner J. Thomas Rosch expressly noted that Google’s competitors would not bear the same restrictions. The consent order is open for comments from the public until May 2, 2011.
The Google Buzz settlement marks a significant increase in FTC privacy enforcement. It is the first time the agency has alleged substantive violations of the U.S.-E.U. Safe Harbor Program, and the first time it has required implementation of a comprehensive privacy program, with ongoing auditing requirements. Although limited to Google, the FTC has described the settlement conditions as "good business practices" the FTC would "expect to see widely followed across the industry."
For more information regarding the consent order, or Wiltshire & Grannis’ privacy practice, please contact John Nakahata, Brita Strandberg, Paul Margie, Rob Carter, Madeleine Findley, or Kristine Devine.
This advisory is not intended to convey legal advice. It is circulated as a convenience and is not intended to reflect or create an attorney-client relationship as to its subject matter.