It took a year, but the feds have finally extracted a settlement from Google over the search giant’s botched foray into social networking, called Buzz, which infuriated privacy advocates and prompted a public apology from the company.

In a statement, the FTC said the settlement “bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years.”

The settlement does not require Google to pay a fine.

It’s the first time the FTC has required a company to implement a “comprehensive privacy program to protect the privacy of consumers’ information,” according to the agency. It’s also the first time the FTC has alleged violations of the “substantive privacy requirements of the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States,” the agency said.

Alma Whitten, Google’s Director of Privacy, Product & Engineering, said in a company blog post that Google “fell short of our usual standards for transparency and user control — letting our users and Google down.” A Google spokesperson declined to comment beyond the blog post.

Last February, the Electronic Privacy Information Center filed a complaint with the FTC, charging that Google engaged in “unfair and deceptive acts and practices,” by using private email contacts to build a public online community. The group asserted that Google violated federal consumer protection laws.

“When companies make privacy pledges, they need to honor them,” said Jon Leibowitz, Chairman of the FTC. “This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations.”

Buzz incorporated social networking features into Gmail, and it was supposed to ease Google’s entrance into the booming real-time social space led by Facebook and Twitter. Instead, the product quickly turned into embarrassment for Google after users discovered many of their private contacts were displayed publicly.

“The FTC has sent a powerful message to Google and the online data collection giants:  we are watching you as you watch consumers,” Jeffrey Chester, executive Director of the Center for Digital Democracy, said in an email to Wired.com. “The consumer protection team created by Chairman Leibowitz — under the direction of David Vladeck — will force the country’s most powerful online marketer to behave more responsibly.”

“The commission’s requirement that an independent outside privacy auditor is needed for Google for the next 20 years demonstrates what consumer advocates have been saying — that Google and other online marketing companies are not being candid about their digital ad practices,” Chester added.

The settlement with the FTC is an embarrassment for Google, but as Wired.com’s Ryan Singel pointed out last year, “in the grand scheme of privacy invasions, this one ranks a ‘Grenada’ — even though it has provided some cautionary lessons — not the least of which that Google shouldn’t limit pre-release testing to its unrepresentative army of coders.”

John M. Simpson, director of Consumer Watchdog’s Privacy Project, said the FTC should have gone further and actually fined the search giant. “Nothing will  completely stop Google from invading users’ privacy until it gets hit where it hurts, its bank accounts,” he said in a statement.

Now that the FTC has dispensed with Google over privacy, presumably we can expect it to move on to other targets.

Here’s the full Google statement:

Pages:12 View All