Goggle and privacy are two words that do not get along well. This has been painfully clear for some time now, at least outside the US.
Well, this is no longer the case. At the beginning of the year, after Google itself had apparently been flooded with thousands of complaint related to the roll-out of its “Buzz” social network, the FTC opened an investigation and charged Google with deceptive privacy policies. So what happened and what were the facts that have led to the charges?
First Charge: when Buzz was launched, Gmail users got a message announcing the new service and were given two options: “Sweet! Check out Buzz,” and “Nah, go to my inbox.” According to the FTC complaint, Gmail users who clicked on “Nah…” were nonetheless enrolled in certain features of the Google Buzz social network.
Second charge: those Gmail users who clicked on “Sweet!,” according to the FTC complaint, were not adequately informed that the identity of individuals they emailed most frequently would be made public by default.
Third, Google offered a “Turn Off Buzz” option that did not fully remove the user from the social network (actually they’re not the only social network who acts in this way, in fact they are in good company in this kind of practice).
Enough? Well, bear with me for a while, the list is long and there’s more to come.
Buzz privacy policy stated te following: “When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.” The FTC alleged that Google violated this pledge, by using information provided for Gmail for another purpose – social networking – without obtaining consumers’ permission in advance.
Google’s practices were deceptive also for another of Buzz’ feature: according to the FTC, the two options given to users: “Nah, go to my inbox,” and “Turn Off Buzz,” gave the impression that if you clicked on them you would have been out of the social network. Not really: according to the complaint Google misrepresented the facts: users who clicked on these options were in fact enrolled in certain features of Buzz.
The final misrepresentation indicates how little Google’s lawyers know about privacy: Google stated that it was treating personal information in compliance with the US-EU Safe Harbor privacy framework. According to the complaint, this assertion was false because the company failed to give consumers notice and choice before using their information for a purpose different from that for which it was collected.
To make a long story short and summarize all the complaints in one sentence, Google flatly lied. It said that if you took one course of actions certain things would have happened, while in fact what happened was just the opposite. If you thought you were getting out of Buzz, in practice you were not. You thought you were not signing in while the program did in fact sign you in, at least for some features. Nice, isn’t it?
Now, make no mistakes: under all accounts Google is a great company, who has completely changed the paradigms of product development and distribution. Think about it: has anyone of us ever paid a cent to use Google and its countless features (gmail, maps, hearth, just to name a few)? Google has constantly rolled out new products and services, which we all use in our daily life, has expanded to new markets (Android, e.g) and is continuing to move swiftly in all areas of advanced technologies, all of this in no more than 10 years. Chapeau, as they say in France.
At one point, the founders of Google apparently become aware of the market power they had accumulated and word spread around that the main message that was circulating inside Google was: don’t be evil.
People tend to associate big with bad and Google had become quite big, as we all know, so do not be evil, they apparently said. It is painfully evident that not everyone listened. The result (just to remain on this topic) has been a very burdensome settlement, under which Google is bound to implement a comprehensive privacy program and will be subject to independent privacy audits every two years, for the next 20 years!
It’s the first time the FTC has ever used its powers to protect the privacy of users. The comment made by the chairman of the FTC Jon Leibowitz leaves no room for misunderstanding: “When companies make privacy pledges, they need to honour them”.
We all hope that this time everyone will listen, and not just inside Google.
PS
I have strongly criticized Google’s legal department. The facts that have led to the settlement are once again the evidence that Google’s lawyers don’t have a clue of what privacy is and on how to defend their company’s interests. Having said that, I have to praise Google communication department. The settlement was reached at the end of March, but it was not reported by any of the major newspapers all around the world. This is no small news: the first FTC case on violation on data privacy, the name of the defendant (a company the size and visibility of Google), the terms of the settlement, every element of this case make it a big story. One would imagine newspapers would jump on it. OK, make a Google search with the following string: “google ftc settlement”. You’ll find out by yourself who reported the news. Congratulations to Google’s communications and external relations dpt!
