The FTC's settlement with Google: Part 3

As any business knows, it is indeed a small world after all.  And the FTC’s recent settlement with Google related to the launch of its Google Buzz social network demonstrates why it’s important for companies to think about the global ramifications of their privacy practices.

In addition to concerns about allegedly deceptive representations in the company’s privacy policy and misleading practices that exposed information to public disclosure without adequately informing Gmail users, the Google case is the FTC’s first action charging violations of the terms of the U.S.-European Union Safe Harbor Framework.

In place since 2000, the Framework offers American companies a voluntary method for transferring personal data outside the EU in a way consistent with the EU’s Data Protection Directive.  To qualify for the Safe Harbor, a company must self-certify to the Department of Commerce that it complies with certain standards — including specific provisions mandating notice to people about how their information will be used and the opportunity to opt out of having their info disclosed to third parties.

Google has self-certified since 2005 and expressly said in its privacy policy:  “Google adheres to the US Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce’s Safe Harbor Program.”

But according to the FTC’s complaint, by not giving Gmail users notice and choice before using their information to populate its Google Buzz social network, the statement in the company’s privacy policy was false or misleading, in violation of the FTC Act.

The big picture for businesses:

  • Statements in privacy policies are claims that have to be truthful and substantiated; and
  • Privacy practices can have implications beyond U.S. borders.

Next:  The terms of the Google order
 

Add new comment

Comment Policy

Please enter a username. Don't use your email address.
Image CAPTCHA
Enter the characters shown in the image.

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.