Google finally felt the sting of online privacy this week, settling with the Federal Trade Commission for violating its own privacy promises when it introduced its social-networking play Buzz last year. According to the settlement, Google has to implement a "comprehensive privacy program" and will be subject to regular privacy audits for the next 20 years.
But at the heart of this settlement is a curious fact that reveals how the FTC is pursuing online privacy in the absence of a digital privacy law.
Buzz was an attempt to leverage people's Gmail accounts into a social network designed to compete with Facebook, and the reason the FTC was able to hold Google to account was not because of a lack of privacy options, but because Google violated its own terms of service. The government agency said Google misled users into thinking they could easily opt-out of the network, resulting in the suit.
If Google hadn't proclaimed any privacy options for Buzz, the FTC would have had no case to bring sanctions. The agency operates under a consumer provision that doesn't allow for deceptive practices. In other words, if a company doesn't uphold its own claims -- regardless of whether it has to do with privacy -- it is deceiving the public. Google's settlement isn't a privacy case, it's a deceptive-practice case.
"When companies make privacy pledges, they need to honor them," FTC Chairman Jon Leibowitz said in a statement.
The FTC also used this strategy when it brought a case against online ad network Chitika, which offered consumers the ability to opt out of having their information collected for the purposes of targeted advertising -- but without telling them the offer only lasted for 10 days.
Interestingly, Sen. John Kerry, D-Mass., seized upon the Google case as reason for a digital privacy law, saying in a statement that the settlement "underscores that everyone will be better off with clear rules of the road rooted in a specific law."
President Obama has called for privacy legislation in recent weeks, though the timing of his proposal is based on a more pressing need to sign digital data accords with the European Union and countries in the Asia-Pacific region. The FTC's case against Google, in fact, was brought under the U.S.-EU Safe Harbor Framework, which allows U.S. companies to transfer data lawfully from the EU to the U.S., the first time the FTC has applied those standards to a digital privacy case.
Jeffrey Chester, the director of consumer watchdog Center for Digital Democracy, said of the settlement: "The FTC has sent a powerful message to Google and the online data collection giants: we are watching you as you watch consumers."