Update: Google to pay $22.5M fine over privacy practices

The fine is the largest ever related to an FTC complaint

Google will pay a historic fine to settle U.S. government charges that it violated privacy laws when it tracked via cookies users of Apple's Safari browser.

The US$22.5 million civil penalty is the largest ever secured by the U.S. Federal Trade Commission for a violation of one of its orders, the FTC said on Thursday.

However, ConsumerWatchdog.org finds the settlement inadequate for various reasons, including the amount of the fine and the fact that it allows Google to deny guilt and liability.

The fine amount is "chump change" for Google, and the FTC shouldn't have agreed to a settlement unless Google was willing to make an admission of guilt, said John Simpson, director of the privacy project at ConsumerWatchdog.org.

"This is letting Google buy its way out of trouble," he said.

The consent decree states that "Defendant denies any violation of the FTC Order, any and all liability for the claims set forth in the Complaint, and all material allegations of the Complaint save for those regarding jurisdiction and venue."

In its complaint, which it referred to the U.S. Department of Justice, the FTC said that Google falsely told Safari users that it wouldn't place tracking cookies on their devices or serve them targeted ads.

The FTC said that with this misrepresentation, Google violated an existing privacy settlement it had reached with the agency.

The settlement also requires that Google disable all tracking cookies it placed on affected users' computers.

A

"The record setting penalty in this matter sends a clear message to all companies under an FTC privacy order," said Jon Leibowitz, chairman of the FTC, in a statement.A "No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place."

According to the FTC, Google "for several months" in 2011 and 2012 placed tracking cookies on computers of Safari users when they visited sites in Google's DoubleClick ad network. Google had previously assured users that they would be exempt from such tracking and ad targeting because of the default settings in the Safari browser used in Macs, iPhones and iPads that block such cookies, the FTC said.

Instead, Google in many cases actively circumvented Safari's cookie-blocking settings in order to track these users, the FTC said.

The Center for Democracy and Technology praised the FTC's action, highlighting in particular that the agency moved quickly to address the issue and that in its complaint it faulted Google for acting in a way that the FTC said violates the code of conduct of the Network Advertising Initiative, to which Google belongs.

"This action demonstrates the FTC is a champion for consumer privacy rights," said Justin Brookman, CDT's Director of Consumer Privacy, in a statement.

A Google spokeswoman said via email that the FTC "is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy." Google has now changed that page and "taken steps to remove the ad cookies, which collected no personal information, from Apple's browsers," she said.

The DOJ filed the complaint and proposed settlement on behalf of the FTC in U.S. District Court for the District of Northern California in San Jose this week. A The proposed consent decree is subject to court approval.

ConsumerWatchdog.org's Simpson said the organization is considering challenging the settlement by arguing that it doesn't serve the public interest if it doesn't include an admission of guilt from Google.

A similar view is shared by FTC Commissioner J. Thomas Rosch, the only one of five commissioners who voted against referring the complaint to the DOJ and approving the proposed settlement.

"There is no question in my mind that there is 'reason to believe' that Google is in contempt of a prior Commission order. However, I dissent from accepting this consent decree because it arguably cannot be concluded that the consent decree is in the public interest when it contains a denial of liability," Rosch wrote in a dissenting statement.

FREE Computerworld Insider Guide: IT Certification Study Tips
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies