FTC's action over Google Buzz means Internet companies no longer will exploit personal data. Until they do.

Privacy groups cheer settlement, but will it really lead to better protection of consumer data? Of course not


Even as some privacy watchdog groups cheer the Federal Trade Commission's decision Wednesday to force a settlement with Google over privacy violations resulting from last year's launch of the search company's Buzz social networking service (see link below), others are expressing concern that the FTC didn't go far enough.

(Also see: Privacy groups cheer FTC's action over Google Buzz)

The commission's settlement with Google calls for no fine, but does require the company to implement a "comprehensive" privacy policy and submit to privacy audits by independent parties every other year for the next two decades.

According to the FTC, it's the first time a company has been required as part of a settlement to enact a consumer privacy protection program. The FTC adds that it's also the first time the commission "has alleged violations of the substantive privacy requirements of the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States."

But John Simpson, director of Consumer Watchdog's Privacy Project, says that for all the FCC's self-congratulatory tough talk, "Google needs to be punished and feel pain on its bottom line. Nothing will completely stop Google from invading users’ privacy until it gets hit where it hurts, its bank accounts."

The Association for Competitive Technology, a small-business trade group, was equally adamant about a financial sanction. "The FTC was right to take up the case against Google for its transgressions. Unfortunately, today's proposed settlement doesn't go far enough to punish or deter," Executive Director Morgan Reed said in a statement.

Reed suggests that the FTC fine Google $16,000 for future privacy violations. I'm assuming he means $16,000 per individual privacy violation, not $16,000 for something like the entire Buzz fiasco, in which Gmail users were opted into Buzz by default and personal information -- including which other Gmail users they interact with most -- was made public.

You could make the FTC fine $16 million and it wouldn't really matter. The truth is, Google is far too big to hurt by that kind of financial penalty. Google recently settled a class-action lawsuit over Buzz for $8.5 million. In 2010, Google generated $29.32 billion in revenue. That's $80.33 million a day. In other words, Google could make up the $8.5 million settlement with about two-and-a-half hours' worth of revenue. That'll teach the recalcitrant giant a lesson it shan't soon forget!

While the independent audits every other year will be a minor inconvenience to Google, there's nothing in the settlement that "should lead to higher privacy standards and better protection for personal data," as the Electronic Privacy Information Center said in a statement. Not so long as companies like Google and Facebook can write off the paltry penalties they incur as a cost of doing business.

Which they'll gladly do, because the proposition from the beginning was that the marks users get their services for free -- Internet search or social networking -- and in return Google and Facebook collect their personal information to sell to marketers. Pretending to be contrite for the 24 hours that an FTC decision is in the news cycle is a small price to pay for mining and selling demographic gold to their real customers -- advertisers.

In other words, nothing is going to change.

Chris Nerney writes about the business side of technology market strategies and trends, legal issues, leadership changes, mergers, venture capital, IPOs and technology stocks. Follow him on Twitter @ChrisNerney.

Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question