Google's settlement is unprecedented, not only because it marks the first time the FTC has accused a company of violating privacy rules spelled out under the U.S.-EU Safe Harbor Framework, but also because it is the first settlement requiring a company to institute a "comprehensive privacy program" as part of the agreement, according to the FTC.
Google will also have to submit to regular, independent privacy audits once every two years for the next 20 years and will be required to obtain "affirmative consent" from users before changing how it shares their personal data with third parties.
Google's social networking service Buzz sparked an outcry when it launched after it exposed users' most frequent contacts to others.
The FTC wrote in a statement, "The proposed settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years."
In a blog post, Google apologized for the "mistakes we made with Buzz" and noted that the FTC's announcement "thankfully put this incident behind us."
There is no monetary penalty, but Jessica Rich, the deputy director of the FTC's Bureau of Consumer Protection, noted that the agency sees the settlement as a "tough order that will impose substantial costs," particularly as Google will have to hire an outside auditor to monitor their privacy policies.
Google will also be charged $16,000 per violation to the FTC's order. Rich said that the Google Wi-Fi incident , in which Google mistakenly collected passwords and other personal information from users via its Street View project, would have constituted a violation to the FTC's order.
"I think that many provisions in this order are good business practices that we would expect to see followed throughout the industry," Rich said of the settlement.