Google has agreed to pay a $22.5m fine to settle Federal Trade Commission charges that it deceived users about tracking “cookies”, which it used to serve them targetted ads in the Safari browser.
The penalty, the same as expected when we reported its likelihood a month ago, represents a record sum for the FTC but a piddling amount for the search giant.
Of course, there are larger non-monetary issues at stake here – the FTC said the settlement was part of its ongoing efforts to make sure companies lived up to the privacy promises they made to consumers.
In this case, Google had informed users the Safari browser automatically opted them out of its tracking cookies by blocking such conveyors of personal web behaviour. But the FTC said it went on to circumvent this blocking, exploiting an exception in the browser’s settings.
Four out of the five FTC commissioners approved the settlement. The dissenting one, J. Thomas Rosch, objected to Google being able to deny liability as part of the settlement, even though it was in clear contempt of a previous settlement with the FTC that had barred Google from misrepresenting how much control consumers had over their information. He said $22.5m represented “a de minimis amount of Google’s profit or revenues”.
One activist group supported his views: “It is clear that the biggest fines aren’t a deterrent if it only takes [five hours of revenues] to pay them off and the perpetrator never even has to admit guilt,” said the Association for Competitive Technology, which represents small tech companies.
However, the Competitive Enterprise Institute, a public interest group on regulation, sprang to Google’s defence: “Google’s only mistake here was failing to realise a software tweak by Apple rendered one of Google’s help pages inaccurate,” it said.
“There is no evidence that any users were ‘taken in’ or harmed by this inaccurate help page, nor does the FTC allege that Google knew or should’ve known that its help page was wrong.”
It warned: “Under this precedent, Internet companies that lack perfect knowledge of other firms’ privacy decisions risk facing severe FTC fines for accidental, trivial misstatements.”
The official line from the Googleplex on Thursday was: “We set the highest standards of privacy and security for our users.”
However, this reads as yet another “whoops!” moment of Google’s standards slipping, one that ranks alongside its Buzz service exposing email accounts in 2010 and its collection of users’ data over Wi-Fi with its “Street View” cars around the world.