Google Privacy Assessment
Total Page:16
File Type:pdf, Size:1020Kb
United States of America FEDERAL TRADE COMMISSION WASHINGTON, D.C. 20580 Mike Swift MLex Market Intelligence 324 Metzgar Street HalfMoon Bay, CA 94019 SEP 26' 2012 Re: FOIA-2012-01356 Third Party Privacy Report - Google Dear Mr. Swift: This is in response to your request dated September 13, 2012, under the Freedom of Information Act seeking access to the privacy report Pricewaterhouse Coopers, LLP created pursuant to the Google Buzz consent order, C-4336. In accordance with the FOIA and agency policy, we have searched our records, as of September 13, 2012, the date we received your request in our FOIA office. We have located 34 pages ofresponsive records. I am granting partial access to and am enclosing copies of the accessible records. Four pages and portions of other pages fall within the exemptions to the FOIA's disclosure requirements, as explained below. Some responsive records constitute confidential commercial or financial information, which is exempt fromdisclosure under FOIA Exemption 4, 5 U.S.C. § 552(b)(4). See Critical Mass EnergyProject v. NRC, 975 F.2d 871, 879 (D.C. Cir. 1992). Moreover, because Section 6(±) of the FTC Act, 15 U.S.C. § 46(±), prohibits public disclosure of this type of information, it is also exempt under FOIA Exemption 3, 5 U.S.C. § 552(b)(3), which exempts from disclosure any information that is protected from disclosure under another federal statute. Based on the fee provisions of the FOIA, 5 U.S.C. § 552(a)(4)(A), and the Commission's Rules ofPractice, 16 CFR § 4.8 et seq., as amended, I am not enclosing an invoice. If you are not satisfied with this response to your request, you may appeal by writing to Freedom oflnformation Act Appeal, Officeof the General Counsel, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington D.C. 20580, within 30 days of the date of this letter. Please enclose a copy of your original request and a copy of this response. Ifyou believe that we should choose to disclose additional materials beyond what the FOIA requires, please explain why this would be in the public interest. If you have any questions about the way we are handling your request or about the FOIA regulations or procedures, please contact Julian Chender at (202) 326-2631. Sincerely, C---'-, 7l,-:7 · 4 _ ., / ✓Z&-J-4 .. .· > �� ..._~� J Dione J. Stearns AssistantGeneral Counsel ·, .,,! July 2, 20-12 Associate Director of Enforcement Bureau of Consumer Protection Federal Trade Commission 600 Pennsylvania Avenue NW Wasl1ington, DC 20!580 Dear Associate Director of Enforcement: Pursuant to Section IV of the Google Buzz Consent Order, In the Matter of Google Inc., FTC Docl<et No. C-4336 (Oct. 28, 2011), Google hereby submits its Initial Assessrnent Report on Google's Privacy Program ("Assessment Report") prepared by third party Pricewaterl1ouse Coopers LLP. As autt1orized by law, Google requests that the Cornrnission keep the designated portions of tt1e attacl1ed Assessment Report confidential pursuant to '16 C.F.R. § 4.9(c)(1 ). The enclosed request sets out the basis for confidential treatment. I affirm under penalty of perjury under the laws of the United States of America that the attached is a true and correct copy of the Initial Assessment Report on Google's Privacy Program ("Assessment Repo,rt") prepared by third party Pricewaterhouse -· 1 Coopers LLP. Executed on 1- i. '_ Sincerely, Keith Enrigt1t Google Inc. Perkins I Coie 1201 Third Avenue, Suite 4800 Seattle, WA 98101-3099 Albert Gidari PHONE: 206,359,8000 PHONE: (206) 359•8688 FAX: 206.359,9000 FI\X: (206) 359-9688 EMAIL: [email protected] www.perklnscole.com July 3, 2012 Associate Director of Enforcement Bureau of Consumer Protection Federal Trade Commission Washington, D,C. 20580 Re: In the Matter of Google Inc., F.T.C. Docket No. C-4336; ConfidentialityRequest for Initial Assessment Report on Google Inc,'s Privacy Program Dear Associate Director of Enforcement: Google Inc. ("Google") requests that the Commission keep confidentialthe designated portions of the Initial Assessment Report on Google's Privacy Program (" Assessment Report"). Commission rules permit "[p]ersons submitting material to the Com.missiondescribed in this section" to "designate that material or portions of it [are] confidential and request thatit be withheld fromthe public record." 16 C,F.R. § 4.9(c)(l). Sufficientevidenc e to grant a request forconfidential treatment includes a showing that Google is likely to suffer substantial competitive harm,which can be demonstrated by showing that Google is (1) engaged in competition, (2) disclosure of the Assessment Report would result in a likelihood of substantial injury that (3) flowsfrom a competitor's affirmative use of proprietary information. See Public Citizen Health Research Group v. FDA, 704 F.2d 1280, 1288 (D.C. Cir. 1983) (describing required showing to demonstrate confidentialtreatment under the Freedom of InformationAct, 5 U.S.C. § 552(b)(4)); Gulf& W. Indus. v, United States, 615 F.2d 527 (D.C. Cir. 1980); Nat'! Parks& Conservation Ass 'n v. Morton, 498 F.2d 765, 770 (D.C. Cir. 1974); see also Gilda Indus. v. U.S. Customs & Border Protection Bureau, 457 F. Supp. 2d 6, 9 (D.D.C. 2006). This standardis met here. Google is engaged in competition. Much of the report describes the steps taken by Google to protect the privacy and confidentiality of user informationand Google's internal procedures to do so. Disclosure of these steps and procedures necessarily compromises that goal, as well as causing commercial harm to Google and potentially its users. The Assessment Report contains detailed confidential and proprietary information regarding the design of Google's privacy program, including its impact on the development and review of products and services; the manner in which personal information is maintained within Google; ANCHORAGE· BEIJING, BELLEVUE, BOISE, CHICAGO· DENVER· LOS ANGELES· MENLO PARK OLYMPIA, PHOENIX, PORTLAND• SAN FRANCISCO, SEATTLE• SHANGHAI· WASHINGTON, D.C. Perkins Cole LLP and Affiliates Associate Director of Enforcement July 3, 2012 Page 2 and related business processes. If disclosed, this otherwise non-public informationcould be easily used and exploited in an unfairmanner by various competitors in the Internetservice provider business seeking to harm Google commercially. Indeed, at least one of Google's fiercest competitors is subject to a similar consent decree requirement and the design of Google's privacy program is thereforecompetitively sensitive. (b)(3):6(f),(b)(4) Google thereforerequests that the Commission keep the designated portions of this Assessment .Report confidential consistent with the Commission Rules, 16 C.F.R. § 4.9(b)(7), (c); the relevant provisions of the FTC Act, 15 U.S.C. §§ 46(f), 57b-2(a-f); FOIA exemptions three, four, and seven, 5 U.S.C. § 552(b)(3), (4), and (7); and all other applicable statutes, regulations, and customary confidentialitypolicies, Section 21(c)(l) of the FTC Act, 15 U.S.C. § 57b-2(c)(l), prohibits the Commission fromdisclosing informationmarked confidentialexcept in accordance with Sections 21(c)(2) and (3); see also 15 U.S.C. § 57-b(2)(c)(2) (requiring the Commission to "notifysuch person in writing th.at the Commission intends to disclose the document at a date not less than 10 days afterthe date of receipt of the notification"); 15 U.S.C. § 57-b(2)(c)(3) (permitting a person to bring an action in United States District Court to restrain disclosure of materials pursuant to Section 2l(c)(2)). In the event any third party (including any other governmentalagency or body) seeks disclosure of, or access to, these materials, whether under FOIA or another context, Google requests to be timely notified by your officeand given an opportunity ·to object to any such disclosure or grant of access, consistent with the FTC Act and CommissionRules. 15 U.S.C. § 57-b2(c); 16 CFR§ 4.9(c)(l); 16 CPR§ 4.l0(e). Furthermore, in the event that your officediscloses the Assessment Report to any third party, Google requests that you advise such third party of its highly confidential nature. Associate Director of Enforcement July 3, 2012 Page 3 · Consistent with the EnforcementBureau Instructions regarding the submission of confidential and proprietary trade secret business information, Google has submitted two copies of the Assessment Report: one copy in its entirety, and another "redacted" copy in which the confidential portions are redacted and replaced with the word 'redacted,' thereby preserving the original formatting of the document. See Letter fromKatherine Robinson, Federal Trade Commission EnforcementBureau, In the Matter of Google Inc,, FTC Docket No. C�4336 (Nov. 28, 2011) ("Enforcement BureauInstructions"). Very truly yours, rJi � Albert Giqari /:r� AG:JRT pwc Initial Assessment Report on Google's Privacy Program For the period October 29, 2011 - April 25, 2012 FOIA -- Confidential Treatment Requested. The contents of this document contain PwC Proprietary Information that shall be protected from disclosure outside of the Government in accordance with the U.S. Trade Secrets Act, the U.S. Freedom of Information Act and/or any other similar Jaws. This repmt is intended solely for the information and use of the management of Google and the United States Federal Trade Commission and is not intended to be and should not be used by anyone other than these specified paities. pwc Google Inc. ("the Company") has implemented and maintains a comprehensive Privacy Program, which is documented in written policies and procedures. Google has designated specific officials as responsible for the Privacy Program. On October 22, 2010, Dr. Alan Eustace, Senior Vice President of Engineering announced the appointment of Dr. Alma Whitten as the Director of Privacy across Engineering and Product Management. Dr. Whitten and her team lead Google's implementation of effective privacy controls in Google products and services.