Related Posts
Google Settles FTC Charges of Safe Harbor Privacy Violations
A recent FTC settlement with Google over privacy-policy violations marked the FTC's first action charging a company with falsely certifying compliance with the U.S.-EU Safe Harbor program.
When Google launched Google Buzz, its social-networking platform, the search giant appeared to give users a chance to bypass the new feature by clicking "Nah, go to my Inbox" instead of "Sweet! Check out Buzz." According to the FTC, however, users who clicked "Nah" could be "followed" by other Buzz users, could have their profiles exposed to those users and could be automatically enrolled in Buzz without further notice by clicking a link from the Gmail interface.
The FTC enforces the Safe Harbor framework, which allows companies to transfer personal information about EU residents to the United States. European data-protection laws regulate the cross-border transfer of personal information to the U.S. because, according to European authorities, U.S. privacy laws do not provide adequate protection for personal data. The Department of Commerce developed the Safe Harbor program in 2000 to facilitate the free transfer of information for commercial purposes. Companies that join the program certify that their privacy practices, policies and procedures provide sufficient protection for personal information.
Among the Safe Harbor principles that make up the program's framework are the concepts of "notice" and "choice"— giving consumers notice of the information being collected and giving them the choice to opt out of collection. Google's privacy policy told consumers that the company complied with the program when in fact its practices failed to follow the "notice" and "choice" principles.
The terms of the FTC settlement require Google to implement a comprehensive privacy program, to undergo periodic, independent privacy audits and to refrain from making additional privacy-related misrepresentations in the future. The settlement terms remain in effect for 20 years.
|
Posted by WeComply on December 8, 2011 WeComply is a leading provider of customizable online ethics and compliance training solutions, offering more than 100 courses on such topics as anti-corruption, antitrust, Code of Conduct, preventing discrimination and harassment, data privacy and security, insider trading and whistleblowing. |
Tags: Data Privacy, Safe Harbor
