Google Buzz settlement called a 'killer' for e-commerce

The U.S. Federal Trade Commission's proposed settlement with Google over its bungled launch of the Buzz social-networking service could have disastrous effects on the rest of the e-commerce industry, the head of a trade group said.

Privacy groups and some FTC officials are pressing to set the Buzz settlement as an online privacy standard. And one provision of the proposed settlement would be a "real killer" for the rest of the e-commerce industry, said Steve DelBianco, executive director of trade group NetChoice.

The proposed settlement, with public comments due next Monday, requires Google to get "express affirmative consent" from its users for "any new or additional sharing" of personal information with third parties if the new sharing is a change in Google's practices.

This provision, if it becomes an industry standard enforced by the FTC, would require all online businesses to get opt-in permission from customers for minor changes in the way they share information with partners or other businesses, DelBianco said. Opt-in requirements would make it difficult for social-networking and online content sites to roll out new innovations and pay for their free services, he said.

The calls for the settlement to become a privacy standard "can't be allowed to produce side effects for the rest of the industry for something Google did inappropriately," DelBianco said. "If the FTC gets its way and imposes the Google settlement on the entire industry, Google's competitors have to obtain express, affirmative consent before releasing any new features that would just share non-sensitive user data with third-party apps and advertisers."

The opt-in requirement would apply to "any" customer information, not just personally identifiable information, he said. "There's no limit on it," DelBianco said. "Are these material, serious changes? No, 'any' changes."

Getting opt-in permission to share additional user data is "notoriously difficult," especially now, when online users see frequent warnings about online privacy invasions, DelBianco added. "The atmosphere is poisonous right now for obtaining opt-in consent," he said.

The proposed settlement, announced in March, bars Google from future privacy misrepresentations, requires the company to implement a comprehensive privacy program and requires independent privacy audits for the next 20 years. When it launched Buzz in early 2010, Google used personal data from its Gmail product to populate Buzz, without getting permission of Gmail users. In some cases, Google shared personal information with Gmail users' ex-spouses, employers and doctors, the FTC said.

The settlement's opt-in requirement will have little impact on Google, which gets a large portion of its revenue from search-based and display advertising, DelBianco said.

Google "doesn't need to share anything with third parties," he said. "Google's so large of a first party that it can dictate terms to its third parties."

Most other e-commerce businesses provide services that share non-sensitive data with third parties, DelBianco said. "The bottom line here is the rest of the online industry is going to find it even harder to compete with Google if the Buzz settlement applies to the rest of the industry," he said.

Google is not a member of NetChoice. The trade group's members include AOL, eBay, Oracle and Yahoo.

Privacy advocate Jeffrey Chester and Katie Ratte, lead attorney in the FTC's Division of Privacy and Identity Protection, downplayed DelBianco's concerns.

The element of the settlement that the FTC would like to model an industry standard on is the requirement that Google implement a comprehensive privacy policy, Ratte said.

In addition, the opt-in proposal in the settlement focuses on information sharing by Google contrary to the company's privacy policy, she said. The settlement bars Google from making retroactive changes to its information-sharing policy, and that's similar to past privacy settlements the FTC has entered into, she said.

The provision is a "little bit more limited" than DelBianco's reading of it, Ratte said. "If they're sharing information with third parties in a way consistent with what's already been disclosed to the consumer, that doesn't trigger the opt-in," she added.

For example, if Google says in its privacy policy that it shares customer data with payment processors, and it adds a new payment processor to its services, it would not need opt-in permission from customers, she said.

Privacy advocates are pressing for changes to the settlement, and they hope a stronger version of it will become an industry standard, said Chester, executive director of the Center for Digital Democracy. But Chester doesn't see privacy advocates pushing for websites to get opt-in permission every time they make "routine, account maintenance" changes.

"I think what we're talking about is the very process of revising your profile and marketing it," Chester said. "That's what I'm getting at -- the incorporation and continued use of your data for targeted marketing. Whenever you're selling the data, making the data available for sale, and incorporating additional data ... you have to have opt-in permission."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

FREE Computerworld Insider Guide: Five IT certifications that won’t break you
Join the discussion
Be the first to comment on this article. Our Commenting Policies