@FTC: Google pays $22M for (unintentional) misrepresentation of privacy practices – no intent required

The FTC hosted a super fascinating Twitter “conversation” following its announcement of the $22 million settlement with Google over its privacy violation in overriding the Safari browser’s privacy settings without notifying users. FTC Department of Enforcement staffers  exchanged tweets with a few privacy-focused Twitter users. Many tweets focused on whether Google intentionally deceived users as to its privacy practices, or if the privacy breach was an accident. Other tweets keyed in on how Google’s fine was calculated, and asked when the FTC first learned of Google’s secret Safari tracking. The FTC responded that Goggle’s intent is irrelevant to the question of whether there are misrepresentations in privacy policies. This reflects FTC precededent. One FTC tweet reflected cynicism that the tech giant is unable to control its privacy practices, saying  ”unintentional is Google’s story.”

The takeaway is that over promising protection of personal data in a privacy policy is a bad idea.  Even accidental violations of a privacy policy are actionable. Too many unforeseeable risks are poised by collecting and sharing user data (from hackers to a lack of coordination with technology partners) to make such promises. Ask Twitter about its own FTC settlement.  Expectations (of both consumers and regulators) about the content of privacy policies have changed. Most websites need new policies that contemplate the changes to COPPA,  increased expectations for privacy disclosures for mobile devices and protection of offline data.  Website operators must understand how their technology use the website’s customer data. Details about how both personally identifiable and non-personally identifiable information is collected, shared and protected should be disclosed.

Tweeps who engaged with the FTC last week might wonder how their tweets are being used.  The FTC’s privacy preactices are disclosed in the FTC’s Privacy Impact Assessment and chart showing how user information is collected when interacting with the FTC.

Trackback URL

http://oberipwatch.com/2012/08/17/ftc-google-pays-22m-for-unintentional-misrepresentation-of-privacy-practices-no-intent-required/trackback/

Leave a Reply