Google Privacy Settlement is Just Strange

November 5th, 2010 by Search Influence Alumni

The other day, every Google Mail user got the same message in their inbox:

Just kidding. This is the actual message:

Google rarely contacts Gmail users via email, but we are making an exception to let you know that we’ve reached a settlement in a lawsuit regarding Google Buzz (http://buzz.google.com), a service we launched within Gmail in February of this year.

Shortly after its launch, we heard from a number of people who were concerned about privacy. In addition, we were sued by a group of Buzz users and recently reached a settlement in this case.

The settlement acknowledges that we quickly changed the service to address users’ concerns. In addition, Google has committed $8.5 million to an independent fund, most of which will support organizations promoting privacy education and policy on the web. We will also do more to educate people about privacy controls specific to Buzz. The more people know about privacy online, the better their online experience will be.

Just to be clear, this is not a settlement in which people who use Gmail can file to receive compensation. Everyone in the U.S. who uses Gmail is included in the settlement, unless you personally decide to opt out before December 6, 2010. The Court will consider final approval of the agreement on January 31, 2011. This email is a summary of the settlement, and more detailed information and instructions approved by the court, including instructions about how to opt out, object, or comment, are available at http://www.BuzzClassAction.com (no longer available).

Again, to be clear, no Gmail or Buzz user can get money from the settlement because, as the class action notice states, “few, if any, Class members suffered compensable actual damages and because a pro-rata distribution of the fund to the class would not be feasible due to the size of the Class.”

First filed around February 17 by Harvard law student Eva Hibnick, about a week after Google announced Buzz as an expansion of Gmail, the lawsuit almost seems like a class exercise. The complaint cites violations of the Federal Wiretap Act, the Federal Computer Fraud and Abuse Act, the Federal Stored Communications Act and California common law.

None of the plaintiffs mentioned in the Class Action Complaint claim to have any palpable damages, all saying “Google automatically activated the Buzz program on [the plaintiff’s] email account, as a result of which Buzz broadcast her personal information to other Gmail users and/or made this information publicly viewable on the Internet.” In addition, the plaintiffs’ already liberal use of privacy-compromising internet apps, such as Facebook, doesn’t help their case.

However, that litany lacking damages leads to a list of media accounts. Despite the cries of quelle horreur, the first example simply looks like good reporting and increased governmental transparency and the second only gives more credence to the use of COPPA. Later examples are more effective, but the question in my mind centers around the lawyers and their lack of willingness to contact more damning plaintiffs, such as a medical or legal office or the woman mentioned in the Times piece.

The plaintiffs are concerned about the personal contact information automatically released by Buzz, such as place of residence, occupation, and email address. Furthermore, Google collected pictures and video from other Google-owned sites and showed them in Buzz, allowing anyone to view them. Finally, Google automatically created “Follow” lists, allowing Buzz to show a user’s list of contacts. These on their own would probably be a welcome change from the standard friend-finding on other social networking apps, but Buzz’s automatic enrollment ruined the experience for users.

While it is a mystery how the privacy settings were missed in development—possibly it was a feature, not a bug—over four days, Google made 5 major edits noted in the settlement, and re-publicized the privacy setting change in April. These actions were clearly mitigating to the charges, and likely avoided any sizable penalty for the Company.

So what is the penalty? Google publicizes an $8.5 million slush fund for internet privacy awareness, education, and policy formation. What they don’t tell you upfront is that the two attorneys for the suit, Gary E. Mason and Michael Ram, received 1/4 of the fund, $2.125 million, between them. In addition, each of the 7 named plaintiffs got $2500 each, leaving about $6.4 million for the fund.

It’s clear Google wants to show they’re on top of privacy issues and certainly wants to keep the mindset of “Don’t be Evil,” despite officially dropping the motto. The question remains if the public will buy it. The public doesn’t really seem to care about privacy.

Google’s share was up by 60¢ (.1%) after the emails went out two days ago, and was up $2.18 (.35%) at the time of writing. Looks like the public bought it–will those who were truly affected by the privacy leak feel the same way?