Google Settles FTC Charges of Safe Harbor Privacy Violations
A recent FTC settlement with Google over privacy-policy violations marked the FTC's first action charging a company with falsely certifying compliance with the U.S.-EU Safe Harbor program.
When Google launched Google Buzz, its social-networking platform, the search giant appeared to give users a chance to bypass the new feature by clicking "Nah, go to my Inbox" instead of "Sweet! Check out Buzz." According to the FTC, however, users who clicked "Nah" could be "followed" by other Buzz users, could have their profiles exposed to those users and could be automatically enrolled in Buzz without further notice by clicking a link from the Gmail interface.
The FTC enforces the Safe Harbor framework, which allows companies to transfer personal information about EU residents to the United States. European data-protection laws regulate the cross-border transfer of personal information to the U.S. because, according to European authorities, U.S. privacy laws do not provide adequate protection for personal data. The Department of Commerce developed the Safe Harbor program in 2000 to facilitate the free transfer of information for commercial purposes. Companies that join the program certify that their privacy practices, policies and procedures provide sufficient protection for personal information.
The terms of the FTC settlement require Google to implement a comprehensive privacy program, to undergo periodic, independent privacy audits and to refrain from making additional privacy-related misrepresentations in the future. The settlement terms remain in effect for 20 years.Categories: Data Privacy & Security
Tags: Data Privacy, Safe Harbor