Google Buzz faces strict privacy rules after settlement

To celebrate April Fools’ Day last Friday, Google unveiled Gmail Motion, a fake new feature that would allow users to act out e-mails rather than typing them. But for the California tech giant, last week’s settlement with the Federal Trade Commission over another Gmail feature was no laughing matter.

The settlement, announced March 30, centered around Google Buzz, a social networking service launched through Gmail in February 2010 that has been controversial due to user privacy issues. The settlement requires Google to obey strict privacy rules and allow independent privacy audits every two years for the next 20 years.

Google Buzz has been met with thousands of complaints over the last year from users who found their address book contacts shared automatically, letting others see who they e-mail most.

When the service was launched, Gmail users got a message introducing Buzz and offering two options: “Sweet! Check out Buzz” and “Nah, go to my inbox.” But the FTC complaint alleged that even those users who chose “Nah” were signed up for some features of Buzz, and those who clicked on “Sweet!” were not sufficiently informed of the service’s sharing settings. Google also gave users the option to “Turn Off Buzz,” but those users were not fully removed from the social network.

The FTC complaint charged that Google used deceptive privacy practices and violated its own privacy policy, which promises to ask users before using information “in a manner different than the purpose for which it was collected.” The FTC also alleged that Google misrepresented its actions with regard to the U.S.-European Union Safe Harbor privacy framework, which protects personal information transferred between the U.S. and Europe.

The complaint was likely an easy decision for the FTC, said Craig Andrews, chair of the marketing department and a former FTC employee.

“They didn’t comply with their own privacy policies,” Andrews said. “This was a no-brainer.”

But some are still unhappy with the settlement. The Electronic Privacy Information Center, a public interest research center in Washington, D.C. that filed an initial complaint against Google, is protesting the settlement because it was left out of the deal’s $8.5 million common fund.

EPIC has also scrutinized Facebook’s privacy practices, which have drawn some complaints from users. But FTC spokeswoman Claudia Bourne Farrell said Facebook was not part of the Google settlement in any way, and could not confirm or deny that the FTC was investigating Facebook at all.

An EPIC spokesperson directed all inquiries to the group’s website.

Google’s biggest problem from the settlement is a public relations one, said Bruce Boyden, an assistant professor of law.

“The real issue for Google is basically just a black eye,” Boyden said. “Their whole corporate image is one of not being evil or sneaky, and protecting user privacy.”

Boyden said privacy issues are a serious concern in the tech industry, where marketing pushes sometimes neglect legal concerns.

“Everybody gets so focused on how cool of a product this is going to be, and they forget about things like protecting user data,” he said.