When Google Buzz came out, everyone expected that it was Google’s first salvo against Twitter—except for the fact that it lived entirely inside of Gmail. Perhaps they hoped it would become just-another-Social-Inbox-app; as opposed to the privacy horror that it grew into. Now, after over a year of having Google Buzz, thousands of complaints, and very little enthusiasm on the subject, Google and the FTC have locked horns and come away with an agreement on how to handle future privacy fiascos.
The proposed settlement bars Google from misrepresenting the privacy or confidentiality of individuals’ information or misrepresenting compliance with the U.S.-E.U Safe Harbor or other privacy, security, or compliance programs. The settlement requires the company to obtain users’ consent before sharing their information with third parties if Google changes its products or services in a way that results in information sharing that is contrary to any privacy promises made when the user’s information was collected. The settlement further requires Google to establish and maintain a comprehensive privacy program, and it requires that for the next 20 years, the company have audits conducted by independent third parties every two years to assess its privacy and data protection practices.
Google’s data practices in connection with its launch of Google Buzz were the subject of a complaint filed with the FTC by the Electronic Privacy Information Center shortly after the service was launched.
The release about the settlement does outline how Google Buzz hit Gmail users like a ton of bricks—or at least roach motels—by letting them into the social network, didn’t let them know how it worked and what to expect out of it, and then when methods for removing themselves came around, wouldn’t actually let them go. The FTC has alleged from complaints that Google established a deceptive environment with Buzz that failed to take into account user involvement, opened customers to invasions of privacy not expected to come out of Buzz, and lacked controls that were intuitive or actually effective in curtailing data leakage.
The solution? Google gets to be independently audited for their commitment to user privacy every two years. Sounds like Google caught the short end of the boom-stick on this one, but as a reaction it makes sense—now if only we could get Microsoft and Facebook to bend under this self-same sort of auditing. Gigantic social-media outlets that wrap up contacts, internally stored e-mails, spheres of privacy, and also suffer from extremely complex social interactions may actually require some sort of watch dogging.
The deal represents the first time in history where an FTC settlement required a company to conduct privacy audits.
Google isn’t just facing issues in the US, of course, the EU has also been staring at them funny.
We’ve seen this phenomena in the considerable amount of issues people have with Facebook. This will probably be a danger with any institution that collects a lot of data and also becomes a warehouse for the social life of an individual. Social networking sites have exceeded expectations from all quarters and their capability of crystallizing our relationships with one another and keeping them extensively available forever creates an entirely new context that nobody has ever had to cope with before. People are increasingly finding themselves both too open to the world and in possession of too many controls on their own data.
Google Buzz simply fell on the wrong side of the equation: it opened up too many holes through the data sieve, didn’t manage enough controls or warning as to what this would mean, and failed to become popular enough to make itself ubiquitous enough that people wouldn’t just leave. Of course, they also had trouble leaving, so that likely led to part of the reason why Google is in the position they’re in now.
I guess that this FTC decision and its implications still leave everyone with one final question:
Is Google finally going to get rid of Buzz?