Google signs up to 20 years of privacy audits

In a bid to make the FTC go away over its Buzz fiasco, Google has agreed to be subjected to regular privacy audits for 20 years.

Google introduced Buzz, a social blogging service last year. However the social notworking site had a huge privacy flaw and suggested people to follow based on their Gmail contacts list and their most frequent email partners.

Anybody following a user could automatically see all of his other Buzz contacts. So you could see if your girlfriend was still emailing her ex.

According to the San Francisco Chronicle Google fixed the problem but that did not stop the regulators getting up in arms, hence the FTC investigation.

Doing 20 years seems a bit stiff. You only get 10 years for murder. Larry Page will be 58 years old by the time his sentence is served.

But the FTC said that Google led Gmail users to believe that they could choose whether or not they wanted to join the network, but the options for declining or leaving the social network were ineffective.

Even those who opted out of Buzz were still enrolled in some features of the service.

Also included in the deal was the promise that Google would not misrepresent privacy or confidentiality of the user information it collects.

Google must obtain user consent before sharing their information with third parties if it changes its privacy policy.

Google must also establish and maintain a comprehensive privacy program. It has formally apologised for the whole mess, saying that Buzz fell short of its “usual standards for transparency and user control”. Ahem.

A 20 year sentence is similar to one that Microsoft copped in 2002 over its Passport service. The FTC imposed a 20-year oversight period, including regular audits to make sure that Microsoft was explaining exactly what information Passport collected and how the company used it and shared it.