Google to acknowledge privacy mistakes as U.S. seeks input

Leading internet search engine Google will acknowledge that it has made “mistakes” on privacy issues in testimony an executive of the Alphabet Inc (GOOGL.O) unit will deliver to a U.S. Senate committee on Wednesday, according to a document reviewed by Reuters.

“We acknowledge that we have made mistakes in the past, from which we have learned, and improved our robust privacy program,” Google chief privacy officer Keith Enright will say in written testimony before the Senate Commerce Committee. Google will testify alongside AT&T Inc (T.N), Inc (AMZN.O), Apple Inc (AAPL.O) and other companies amid growing concerns about data privacy.

Google’s written testimony did not identify specific prior mistakes but the company has come under fire for privacy issues.

In 2012, Google agreed to pay a then record $22.5 million civil penalty to settle Federal Trade Commission charges that it misrepresented to Apple Safari Internet browser users that it would not place tracking “cookies” or serve them targeted ads.

A year earlier, Google agreed to an FTC privacy settlement and regular privacy audits for 20 years after the government charged it used deceptive tactics and violating consumer privacy promises when it launched its social network, Google Buzz.

In August, Alphabet was sued and accused of illegally tracking movements of millions of iPhone and Android phone users even when they use a privacy setting to prevent it.

The U.S. Commerce Department said it was seeking comments on how to set nationwide data privacy rules in the wake of tough new requirements adopted by the European Union and California.

Also, the Justice Department said it held a “listening session” with state attorneys general on how the government can safeguard consumers online.

Senate Commerce committee chairman John Thune wrote that Congress must work on enshrining consumer data privacy protections into law.

Congress has questions about how internet companies sell advertising and use data from email accounts or other services. Thune wrote in The Hill newspaper that “mounting controversies” have fed doubt that tech companies can “regulate themselves and enforce real privacy safeguards for the collection and use of our digital data.”

Massive breaches of data privacy have compromised personal information of millions of U.S. internet and social media users, including notable breaches at large retailers and credit reporting agency Equifax Inc (EFX.N).

Enright’s testimony says “with advertising, as with all our products, users trust us to keep their personal information confidential and under their control. We do not sell personal information. Period.”

Andrew DeVore, an Amazon vice president, will tell the committee that new European privacy rules “required us to divert significant resources to administrative and record-keeping tasks and away from inventing new features for customers.”

Twitter data protection officer Damien Kieran will urge development of “a robust privacy framework that protects individuals’ rights … while preserving the freedom to innovate.”

The Commerce Department’s National Telecommunications and Information Administration (NTIA) this summer held more than 50 meetings with tech companies, internet providers, privacy advocates and others, hoping to develop a national standard.

The Internet Association, which represents more than 40 internet and technology companies, said this month it backed modernizing data privacy rules with a national approach that would pre-empt California data privacy regulations taking effect in 2020.

California Governor Jerry Brown signed the legislation aimed at giving consumers more control over how companies collect and manage their personal information. New rules in Europe are even more stringent.

The European Union General Data Protection Regulation took effect in May. Breaking privacy laws can now result in fines of up to 4 percent of global revenue or 20 million euros ($23.2 million), whichever is higher, as opposed to a few hundred thousand euros.