Google has agreed to an independent review of its privacy procedures once every two years and to ask it users to give “affirmative consent” before it changes how it shares their personal information. The agreement raises the bar for the way that companies handle user privacy in the digital age.
Alma Whitten, director of privacy, product and engineering, announced that that Google had reached the agreement with the United States Federal Commission in an update in Buzz posted to Google’s official blog this morning.
“The terms of this agreement are strong medicine for Google and will have a far-reaching effect on how industry develops and implements new technologies and services that make personal information public,” said Leslie Harris, president of the Center for Democracy and Technology. “We expect industry to quickly adopt the new requirement for opt-in consent before launching any new service that will publicly disclose personal information,” Harris said.
In a statement posted to FTC.gov, the FTC charged deceptive privacy practices in Google’s rollout of its buzz social network. (Emphasis is mine):
The agency alleges the practices violate the FTC Act. The proposed settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years. This is the first time an FTC settlement order has required a company to implement a comprehensive privacy program to protect the privacy of consumers’ information. In addition, this is the first time the FTC has alleged violations of the substantive privacy requirements of the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States.
“When companies make privacy pledges, they need to honor them,” said Jon Leibowitz, Chairman of the FTC. “This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations.”
The FTC turned to Twitter for a live Q&A with the Web. Here’s a recap of the conversation:
In her post, Whitten highlighted the efforts that the search engine has made in this intersection of Google, government and privacy:
For example, Google Dashboard lets you view the data that’s stored in your Google Account and manage your privacy settings for different services. With our Ads Preferences Manager, you can see and edit the data Google uses to tailor ads on our partner websites—or opt out of them entirely. And the Data Liberation Front makes it easy to move your data in and out of Google products. We also recently improved our internal privacy and security procedures.