FTC consent decree and Google's Buzz social media integration
In 2010, increasing adoption of social media sites such as blogs, Facebook, Twitter, and Flickr led Google to develop Buzz, an attempt to incorporate status updates and media-sharing into its Gmail service. Users could link their various social media feeds, including Picasa (Google's photo-sharing service) and Reader (Google's RSS news reader), directly into Gmail. Via the integrated feed, Gmail users could see not only the content produced by those they followed, but those they didn't if their friends "liked" or commented on the content. Buzz for Mobile was intended to compete with check-in services like Foursquare. Almost as soon as the service was launched, Google faced myriad complaints about the risks to user privacy. Among them: Buzz automatically connected users based on their email and chat usage; Google had failed to provide a setting to allow users to fully opt out; users had no option to hide their lists of follows and followers from their profile; and Buzz automatically connected to users' Picasa albums and Reader shared items. Google responded quickly with an apology and changes to these defaults.
Buzz was the subject of a class action lawsuit brought by Harvard Law School student Eva Hibnick, a complaint to the Federal Trade Commission by the Electronic Privacy Information Center, and criticism by EFF and Canadian privacy commissioner Jennifer Stoddart. In settlement of the lawsuit, Google agreed to set aside $8.5 million to fund groups that promote privacy education. In 2011, Google's settlement with the FTC, which charged that the company used deceptive tactics and violated its own privacy promises to consumers, barred the company from future privacy misrepresentations, required it to implement a comprehensive privacy program, and called for it to implement regular independent privacy audits for 20 years, or until 2031. The FTC also noted that this was the first time the FTC had alleged violations of the then-in-force US-EU Safe Harbor agreement, which allowed US companies a legal framework under which they could transfer data from the EU to the US.
Writer: David Coursey, Rebecca Neely, EPIC, FTC
Publication: PC World, Law Crossing, EPIC, FTC