October 28, 2010
By: Stephanie Kierchgaessner and Richard Waters
The top US consumer protection agency has dropped an inquiry into data collection breaches by Google, even as regulators in Europe and Canada have stepped up their scrutiny of the internet giant’s privacy policies.
David Vladeck, the director of the bureau of consumer protection at the Federal Trade Commission, said the FTC had decided to drop its investigation into Google’s allegedly inadvertent collection of consumer data in 2007 because it was satisfied that Google had adequately addressed the issue internally.
The FTC decision marks the end of at least one major probe into the most damaging privacy breach to hit the company to date. But the company is still facing ongoing investigations by individual state attorneys general in the US, and regulators in Spain and Canada both last week concluded that Google had broken local laws while investigations are underway in other countries.
Google admitted for the first time last week that the cars it had used to photograph residential streets for its Street View mapping service had illicitly collected some personal e-mails and passwords from the homes it passed. The breach was first announced in May.
At that time, however, the company said it had only collected “fragments” of information. Mr Vladeck said the revelation had caused “concern” among FTC staff because Google had only discovered the 2007 breach in response to a request from data protection authorities in Germany.
But in a letter to a Google attorney posted on the commission’s website, Mr Vladeck said Google’s decision to improve its internal processes to address the FTC’s concerns, including the appointment of a new director of privacy for engineering, gave staff enough assurances that the company had addressed the issue. FTC chairman Jon Leibowitz declined to comment on the decision.
“Google has made assurances to the FTC that the company has not used and will not use any of the payload data collected in any Google product or service, now or in the future,” Mr Vladeck said. “The assurance is critical to mitigate the potential harm to consumers from the collection of payload data.”
Google said it was pleased by the news. But the decision was met by outrage from privacy advocates.
Marc Rotenberg, director of the Electronic Privacy Information Center, accused the FTC of making its decision based solely on Google’s own representations, without making any “independent” determination on whether the company had broken privacy rules.
Jeffrey Chester, another privacy watchdog, said he believed the FTC was giving Google a pass in part because of the White House’s close relationship with the company. Even though the FTC is the top consumer protection agency in the US, it has limited statutory authority to take enforcement action against companies.
The commission is due to unveil a new set of voluntary privacy guidelines in coming weeks. Mr Leibowitz has said that addressing the rampant collection of personal data by internet companies is a top priority.