Business Blog
The FTC's settlement with Google: Part 3
As any business knows, it is indeed a small world after all. And the FTC’s recent settlement with Google related to the launch of its Google Buzz social network demonstrates why it’s important for companies to think about the global ramifications of their privacy practices.
In addition to concerns about allegedly deceptive representations in the company’s privacy policy and misleading practices that exposed information to public disclosure without adequately informing Gmail users, the Google case is the FTC’s first action charging violations of the terms of the U.S.-European Union Safe Harbor Framework.
In place since 2000, the Framework offers American companies a voluntary method for transferring personal data outside the EU in a way consistent with the EU’s Data Protection Directive. To qualify for the Safe Harbor, a company must self-certify to the Department of Commerce that it complies with certain standards — including specific provisions mandating notice to people about how their information will be used and the opportunity to opt out of having their info disclosed to third parties.
Google has self-certified since 2005 and expressly said in its privacy policy: “Google adheres to the US Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce’s Safe Harbor Program.”
But according to the FTC’s complaint, by not giving Gmail users notice and choice before using their information to populate its Google Buzz social network, the statement in the company’s privacy policy was false or misleading, in violation of the FTC Act.
The big picture for businesses:
- Statements in privacy policies are claims that have to be truthful and substantiated; and
- Privacy practices can have implications beyond U.S. borders.
Next: The terms of the Google order
It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.