EPIC Sues FTC Over Google Privacy Policy Flap

The Electronic Information Privacy Center is suing the FTC to get it to stop Google's privacy policy changes, which commence March 1.

The Electronic Privacy Information Center sued the Federal Trade Commission Feb. 8, compelling the agency to halt Google's (NASDAQ:GOOG) privacy-policy changes before they go into effect March 1.

EPIC argued that the privacy-policy changes, which include bringing 60 Web services under one umbrella policy and enable Google to share data between those services, violate the consent order the search engine entered into with the commission nearly a year ago.

Google last March settled FTC charges that it used deceptive tactics and violated its own privacy promises to consumers with its Google Buzz social application, which exposed users' Gmail contacts to others without users' express permission.

Google agreed to secure users' consent before sharing their information with third parties if Google changes privacy promises it made after collecting users' information.

EPIC, which argued Google's bid to share data between its own Web services violates the consent agreement, filed its complaint in the Federal District Court in Washington, D.C. The group called for a temporary restraining order and preliminary injunction, "seeking to compel the Federal Trade Commission to act" before March 1.

"The Federal Trade Commission has a non-discretionary obligation to enforce a final order," EPIC wrote in its complaint. "But the agency has thus far failed to take any action regarding this matter, placing the privacy interests of literally hundreds of millions of Internet users at grave risk. EPIC brings this Administration Procedure Act suit to require the Commission to enforce the consent order."

Google Jan. 24 said it would funnel 60 of its 70 existing product privacy policies under one blanket policy and break down the identity barriers between some of its services to accommodate its new Google+ social network software.

The move comes as regulators in the United States and Europe have criticized Google, Facebook and other Web service providers for offering long-winded and legally gnarled privacy protocols. The biggest privacy change concerns Google's accounts.

When users are signed in, Google may combine identity information users provided from one service with information from other services. The goal is to treat each user as one individual across all Google products, such as Gmail, Google Docs, YouTube and other Web services.

The data-sharing change compelled Congress, Europe and now EPIC to express concern that Google is playing fast and loose with users' data without their consent.

This is a damning accusation after the aforementioned Google Buzz privacy imbroglio and Street View WiSpy privacy gaffe, in which more than 600GB of user passwords, browsing habits and other data were collected from unsecured WiFi networks.

EPIC's use of the Google Buzz snafu in its argument must be particularly discouraging to Google, which actually feels it has been extremely cautious, transparent and fair in going about its policy-change disclosure.

For example, when Congress demanded more information on the policy changes, Google responded with a detailed letter and a sit-down meeting with concerned members of the Senate within days.

To Google's credit, (and what may prove in hindsight to be its detriment), the search giant has no plans to halt or revise its privacy-policy changes.

Those who don't wish to have their data shared with existing services, can use some services, such as search, Google Maps and YouTube, without signing into their Google account, or simply not use Google services at all.