The Electronic Privacy Information Center is suing the Federal Trade Commission in an attempt to compel the agency to stop Google’s planned privacy changes.
In court papers filed on Wednesday, EPIC charged Google with planning changes that are “in clear violation” of the consent order Google entered into on October 13th.
As it now stands, Google’s privacy changes are set to go into effect on March 1st 2012.
EPIC is seeking a temporary restraining order and preliminary injunction to try to ensure that that all grinds to a halt.
In essence, unless EPIC manages to force the FTC to put a halt to the change, Google will consolidate more than 60 individual privacy policies into one.
The intended changes have stirred up controversy over Google’s intention to share more information between Google services like search, Google+ and Gmail.
The consent order that EPIC would prefer to see the FTC take seriously was the result of a settlement over a complaint about Google Buzz that EPIC brought to the Commission in February 2010.
The Buzz mess came out of a botched attempt on Google’s part to jump into social networking in February 2010.
Buzz was designed to stream external feeds such as Twitter and Google Reader and allowed users to create public or private posts on which the Buzz network could comment.
Google led Gmail users to believe they could choose whether or not to participate in Buzz. In fact, as they soon found out, users simply couldn’t opt out.
Users also lodged thousands of complaints regarding how tough it was to control what information was shared on Buzz.
Those Buzz settings breached Google’s own privacy promises, on top of violating the FTC’s Act, EPIC charged.
It turned into quite a fiasco for Google.
Google wound up publicly apologizing.
The company also agreed to put into place a comprehensive privacy program that would include privacy and data protection audits by an independent third party every two years for 20 years—the first company ever forced to adopt such steps by the FTC.
But, EPIC alleges, here Google goes again with the intended March 1 changes, right back to the shenanigans that got it into privacy hot water over Buzz.
This is what EPIC says on its website about its recent complaint and motion, filed in Federal District Court in Washington DC:
EPIC is seeking to compel the Federal Trade Commission to act prior to March 1, when Google plans to make changes in its terms of service that will make it possible for the company to combine user data without user consent. EPIC alleges that this change in business practice is in clear violation of the consent order that Google entered into on October 13, 2011.
In the court filings, EPIC’s lawyers charge that with the March 1st changes, Google is violating a quartet of consent order stipulations by:
- misrepresenting the extent to which it protects the privacy and confidentiality of user information;
- misrepresenting the extent to which the company complies with the U.S.-EU Safe Harbor Framework;
- failing to obtain affirmative consent from users prior to sharing their information with third parties;
- failing to comply with the requirements of a comprehensive privacy program.
The FTC, for its part, is sleeping on the job, EPIC says. Here’s what EPIC’s lawyers had to say about the Commission’s failure to make sure Google behaves itself:
To date, the FTC has failed to take any action with respect to Google’s imminent changes in privacy practices. Critically, the Commission has not filed a lawsuit pursuant to, the Federal Trade Commission Act which states that the FTC “shall” obtain injunctive relief and recover civil penalties against companies that violate consent orders.
You’d think that the FTC would have some interest in enforcing its own rules, but this is the second time around that EPIC has had to file complaints and force the Commission’s hand.
We should be grateful that in this trio of EPIC, Google and the FTC, we’ve got a watcher watching the watchers.
Further reading: If you’re looking for practical advice on how to manage your Google privacy settings, read “How to navigate Google’s privacy options” by Naked Security’s Chet Wisniewski.