Google's decision to add its users' Gmail contacts to its Buzz social media platform without their express permission has played out in a settlement with US Government regulators.
The ad-search giant settled with the US Federal Trade Commission over charges that it used "deceptive tactics and violated its own privacy promises".
Google was barred from future "privacy misrepresentations", and will be audited every two years for the next 20 years, and must roll out a privacy programme - the first time the latter was required by the FTC.
“When companies make privacy pledges, they need to honour them,” said Jon Leibowitz, chairman of the FTC.
“This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations."
Google took the opportunity to again apologise to users, and list the services it now offers to protect privacy.
"User trust really matters to Google," said Alma Whitten, director of Privacy for product and engineering, in a post in the Google blog. "That’s why we try to be clear about what data we collect and how we use it — and to give people real control over the information they share with us."
"That said, we don’t always get everything right," she admitted. "The launch of Google Buzz fell short of our usual standards for transparency and user control—letting our users and Google down."
The complaint was raised with the FTC by the Electronic Privacy Information Centre. Anyone disagreeing with the settlement has until 1 May to submit a written comment before the order is final.
Google last year settled a class-action suit over Buzz, paying out $8.5 million.