Search giant Google Inc has settled with U.S. regulators investigating privacy problems that cropped up in its botched roll-out of social network Buzz, the Federal Trade Commission said on Wednesday.
Under the deal, Google agreed to have independent privacy audits every two years for the next 20 years.
This order technically applies only to Google but we think that many of the provisions of the order are good business practices that the rest of the industry should follow, said Jessica Rich, deputy director of the FTC's Consumer Protection Bureau.
Launched in February 2010 to compete with Twitter, Buzz initially used its Gmail customers' email contact lists to create social networks of Buzz contacts that the rest of the world could see, which led to an uproar.
Google quickly changed the settings so that contacts were kept private by default. Analysts generally consider the product a flop.
It's a big deal, said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which filed the original complaint about Buzz with the FTC.
I think they were overly aggressive. I think they basically decided that they were going to convert their Gmail users to a social network overnight, said Rotenberg.
EPIC's complaint included stories of people who were signed up to Buzz along with people they did not want to be connected with -- in one case an abusive ex-husband.
Google initially said that information was limited to fragments of unencrypted data but later acknowledged that the cars actually collected more extensive information, including complete emails and passwords.
The U.S. Federal Trade Commission closed its investigation into the issue, which was also probed by the governments of Britain, France, Singapore and Switzerland, among others.
The big difference is that now Google's privacy behaviors will be evaluated by a third-party every two years, the source said.
That audit will not be made public, the FTC said.
The FTC charged that Google was deceptive in leading its Gmail customers to believe that they could decline to participate in Buzz. Those who declined were still included in certain Buzz features.
For users who joined the Buzz network, the controls for limiting the sharing of their personal information were confusing and difficult to find, the FTC said in a statement.
This is a 20-year order, and if they don't comply with the order they can be subject to (a) $16,000 (fine) per violation, added Rich.
Google apologized for the Buzz botch in a blog post on Wednesday, and pledged not to repeat the error.
The launch of Google Buzz fell short of our usual standards for transparency and user control -- letting our users and Google down, wrote Alma Whitten, director of privacy, product and engineering.
We'll receive an independent review of our privacy procedures once every two years, and we'll ask users to give us affirmative consent before we change how we share their personal information.
(Reporting by Diane Bartz and Alexei Oreskovic, editing by Gerald E. McCormick, Tim Dobbyn and Matthew Lewis)