Google Will Face Privacy Audits For The Next 20 Long Years (GOOG)

Google has reached a settlement with the Federal Trade Commission over Buzz, a social blogging service that the company introduced through Gmail last year.

As part of the deal, Google will be subjected to regular, independent privacy audits for the next 20 years. By then, soon-to-be CEO Larry Page will be 58 years old.

Buzz drew heavy criticism at launch in February 2010 for a glaring privacy flaw. When users turned it on, it suggested people to follow based on their Gmail contacts list and their most frequent email partners.

The problem: anybody following a user could automatically see all of his other Buzz contacts. So, for instance, your wife could see that you're still exchanging lots of emails with your ex-girlfriend.

As the FTC put it, "Although Google led Gmail users to believe that they could choose whether or not they wanted to join the network, the options for declining or leaving the social network were ineffective." Yikes.

The FTC also notes that users who opted out of Buzz were still enrolled in some features of the service.

Along with the 20 year oversight, the settlement also says that:

* Google is barred from misrepresenting privacy or confidentiality of the user information it collects.

* Google must obtain user consent before sharing their information with third parties if it changes its privacy policy.

* Google must establish and maintain a comprehensive privacy program.

The FTC notes this is the first time it has alleged violations of the U.S.-EU Safe Harbor Framework, which basically requires U. companies to meet the much stricter privacy requirements of the EU. That framework was established to let US companies collect information collected from EU citizens.

Google has formally apologized for the whole mess, saying "The launch of Google Buzz. fell short of our usual standards for transparency and user control—letting our users and Google down."

Microsoft faced a similar FTC investigation over its Passport service back in 2002. There, too, the FTC imposed a 20-year oversight period, including regular audits to make sure that Microsoft was explaining exactly what information Passport collected and how the company used it and shared it with partners.