The FTC charged Google with using deceptive tactics and violating the company's own privacy promises to consumers, according to the complaint. The government agency also alleged that Google violated the substantive privacy requirements of the Safe Harbor Framework, which gives companies a method to lawfully transfer data from the European Union to the United States.
"When companies make privacy pledges, they need to honor them," said Jon Leibowitz, chairman of the FTC, in a release. "This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations."
Although terms are Google-specific, the government apparently hopes other social networks pay close attention to the settlement.
"Terms of the order apply only to Google. But the best practices set forth in the order should serve as a guide to industry," the FTC tweeted, as part of its steady stream of responses to questions via Twitter. "FTC staff proposed framework for protecting consumer privacy in Dec. Will continue aggressive law enforcement in privacy too."
When Google launched Buzz via Gmail in February 2010, the developer led users to believe they could choose whether or not to join the network. But users' options for declining or leaving the social media site were ineffective, according to the FTC.
"The launch of Google Buzz fell short of our usual standards for transparency and user control -- letting our users and Google down," wrote Alma Whitten, director of privacy, product, and engineering at Google, in a company blog. "While we worked quickly to make improvements, regulators -- including the U.S. Federal Trade Commission -- unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again. Today, we've reached an agreement with the FTC to address their concerns."
Google also incorrectly stated it was acting in accord with the Safe Harbor framework, a voluntary program administered by the U.S. Department of Commerce in consultation with the European Commission. In order to participate, companies must self-certify each year that they meet pre-defined privacy principles; the FTC said Google did not give consumers notice or choice when their information was used for a different purpose than for which it was gathered.
"Case demonstrates FTC's continuing commitment to enforcing U.S.-EU Safe Harbor. Always looking for more cases," the FTC tweeted.