Response Magazine Site Response Expo Site Direct Response Market Alliance Site Job Board


   Log in

FTC 'Buzz' Saws Google – Why Privacy Policy Compliance Matters

1 Aug, 2011 By: Jeffrey Richter, Arthur Yoon

What can happen when an advertiser fails to follow its own privacy policy with regard to the ways it collects and uses customer information? Google Inc. found out the hard way when the Federal Trade Commission (FTC) filed suit against it, claiming false representations, deceptive practices and failures to disclose information with regard to the launching of a social networking service called Google Buzz within Gmail, its Web-based E-mail product.

Buzz allows users to share updates, comments, photos, videos and other information through posts or “buzzes” made either to individuals or groups of users. Google used the information of consumers who signed up for Gmail to populate Buzz without their consent, which, in many instances, resulted in certain previously private information being made public.

The FTC claimed, among other things, that Google violated Section 5(a) of the FTC Act by falsely representing to users signing up for Gmail that it would use their information only for the purpose of providing them with Web-based E-mail when in fact it was being used for Buzz, and that Google falsely represented to consumers that it would seek their consent before using their information for a purpose other than that for which it was collected. The FTC further claimed that Google deceived consumers about their ability to decline enrollment in certain features of Buzz, and that Google failed to disclose adequately that certain consumer information would become public by default through the Buzz service.

In March, Google agreed to settle the FTC’s charges. The settlement agreement bars the company from future privacy misrepresentations similar to those in this case, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years – among other things. The settlement agreement contains numerous requirements designed to prevent Google from engaging in the future in practices similar to those alleged in the complaint with respect to all Google products and services.

The enforcement action against Google demonstrates that the FTC will prosecute an advertiser that makes overly broad privacy representations and then fails to abide by them. Advertisers must ensure that their business practices and operations comport with their stated policies. An advertiser needs to understand precisely what information it receives from customers and adequately disclose how it intends to use such customer information.

For example, if an advertiser represents that the data it is collecting from a customer is to be used only for the purchase of a product or service, which is often the case, then the customer data must be used only for such purposes, unless the advertiser obtains the customer’s consent to use it for another purpose. Furthermore, an advertiser should appoint an officer to be in charge of its privacy policy in order to monitor and ensure that it is in compliance with the policy, which should adequately cover its range of products and services. Privacy concerns should be considered early and not after inadvertent violations are made.

In order to avoid running afoul of the FTC, an advertiser, with the assistance of legal counsel, should review its privacy policy from time to time to assess and ensure that it is making adequate disclosures and that its business practices comport with, and are not contrary to, its stated policy.

Jeffrey Richter is a partner and Arthur Yoon is an associate at Los Angeles-based Finestone & Richter. They can be reached at and, or (310) 575-0800.

Add Comment