Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Faces Privacy Audits For Next 20 Years

Posted by samzenpus on from the blink-of-an-eye dept.

Hugh Pickens writes "The San Francisco Chronicle reports that Google has reached a settlement with the Federal Trade Commission over Buzz, a social blogging service the company introduced through Gmail last year. The deal will require that Google have regular, independent privacy audits for the next 20 years. Buzz drew heavy criticism at launch in February 2010 for a glaring privacy flaw. When users turned it on, it suggested people to follow based on their Gmail contacts list and their most frequent email partners. 'Although Google led Gmail users to believe that they could choose whether or not they wanted to join the network, the options for declining or leaving the social network were ineffective,' says the FTC. Along with the 20 year oversight, the settlement also says that Google is barred from misrepresenting privacy or confidentiality of the user information it collects, Google must obtain user consent before sharing their information with third parties if it changes its privacy policy, and Google must establish and maintain a comprehensive privacy program."

8 of 112 comments (clear)

  1. Um... by Anonymous Coward · · Score: 3, Insightful

    Facebook? Hello?

  2. Good by gman003 · · Score: 5, Insightful

    Honestly, these kinds of things should be mandatory for any large company with that much personal information. Regular independent audits? Sounds like the kind of oversight we need. Can't lie about how private your info is? Sounds like something that should be a law. Need to get consent again after changing the terms? Again, I'm surprised you could get away with it before.

    Now let's just get these things applied everywhere else like Google. Facebook, for one, deserves even more oversight.

    1. Re:Good by martin-boundary · · Score: 3, Insightful

      They make it glaringly obvious that is how they make their money.

      Actually, they don't. They don't tell anyone just what exactly will be done with their information, and just exactly who will get to see/copy it. That's something we don't know, only Zuck and his minions knows that. And without knowing exactly that information, there's no true basis for consent.

    2. Re:Good by martin-boundary · · Score: 3, Insightful
      First, I think it's wrong to equate privacy protection with simply doing the same as other companies are doing. What's to ensure that those other companies are actually protecting their customers' data any better? This IMHO is a major problem with the US lack of standards similar to the EU data protection principles.

      There are several reasons why it matters what will be learned from the data, and who gets it.

      Suppose there's a (deliberate or otherwise) mistake in your data, it will be replicated everywhere the data is copied. If you don't know who has access to your data, then you can't tell them to fix it, and it may travel widely causing you damage. In fact, there's no way to prevent some unknown company from changing your data fraudulently, or mixing your data with someone else's data who has the same name. Moreover, what if you (don't) find out that some company you wish to do business with has bought information about you from some random source that's not reliable. You could be penalized without ever knowing why (eg credit records, insurance premiums).

      Now besides knowing who gets your data, it's also important to know how data is combined and learned. When data travels and gets learned, it always loses context and is transmogrified. You could have a juvenile shoplifting record, and by the time it ends in some company's database, it has been transformed into "criminal offense" which could be anything. The same is true with medical conditions. You might have some harmless recurring problem, but the computer simplifies that into a generic category, and in that category you are lumped with much more serious diseases, and penalized.

      Data never stays 100% the same when it moves from one computer to another. It's important for people to be able to know what data a company has about them, and be able to do something about it. Companies should be held accountable about this.

  3. Google got hit before Facebook? by KlomDark · · Score: 4, Insightful

    Not fair. Google's been a lot better at protecting info than Zuckerberg's famous pig.

  4. Re:Thank you Schmidt. by slimjim8094 · · Score: 2, Insightful

    Jesus are people still talking about "wireless sniffing" like it's a terrible thing? That's like calling it my fault that I'm forced to smell it when you rip ass.

    In fact, that's a more apt analogy than I intended. The recipient has no control, in each case, of whether it gets to them. Can they be faulted for collecting? Sure, it would make them a little creepy if they delibrately inhaled, but there's absolutely no evidence than they intended to. In any case, it's not their fault for having it be there in the first place.

    I'm so sick of this WiFi shit. IT'S FUCKING RADIO WAVES! THEY ARE **BROADCASTED**. BROAD ... CAST.... If you don't want it to get out there, then DON'T SPEND MONEY AND ELECTRICITY TO PUT IT OUT THERE! Or at least encrypt it!

    --
    I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  5. Re:Forget Facebook... by Anonymous Coward · · Score: 2, Insightful

    ...how about getting our own GOVERNMENT to follow these guidelines? I'd have a hard time following an edict by someone who won't follow it themselves.

    What are you talking about, government transparency is fine.

  6. Re:facebook by vivian · · Score: 3, Insightful

    These term that Google has to meet should be standard terms that ALL companies who collect information have to meet - especially the one about having to obtain user consent before sharing a user's private information with third parties.