Google is expected to pay a governmental fine of US$ 22.5 million to settle charges that it bypassed privacy settings on Apple users’ Safari browsers, according to various news reports. The fine by the U.S. Federal Trade Commission (FTC), which would be the largest in that agency’s history, would amount to the technology giant’s revenue stream for five hours.
The settlement, being reported in Wednesday’s Wall Street Journal and other news sources, relates to the company’s purported use of code that bypassed Safari’s “do not track” setting. Tracking of a user’s Web travel, through the installment of a small cookie or tracking file, is frequently used by advertising networks and others to target ads based on a user’s browsing history, but the practice has been criticized by privacy advocates.
+1 Button, Help Page
The Journal said that its reporting in February about Google’s practice led the company to discontinue the monitoring of users who had selected “do not track.” The Google tracking was originally discovered by a Stanford researcher, and contradicted published information from Google on a Help page, which said that Safari users could avoid tracking by Google by turning on the browser privacy settings.
After the Journal’s article appeared in February, Google removed that language, and said that the Help page had been posted in 2009, before Apple changed the way Safari handles cookies.
Google said that the tracking was not intended and that it didn’t harm those users. Safari prevents cookies from being installed on a user’s computer, but, by utilizing a Safari vulnerability, Google was able to install cookies nevertheless.
The Google-installed cookies allowed the company to display ads that contained a +1 button, a tie-in to the Google Plus social network so that users could indicate they “liked” an ad. Clicking the +1 button, however, also meant that additional Google-related cookies could be installed.
‘Known Safari Functionality’
In reply, Google has said that it used “known Safari functionality” to provide ads that added value for those users who were also signed into Google Plus. It did say, however, that the additional cookies, which were installed after +1 was clicked, were mistakes. At any rate, the company said, the cookies did not collect individually-identifiable information.
A settlement on this matter could be another blackeye to Google’s privacy profile. In October, the company agreed to a 20-year consent decree with the FTC because of various privacy violations. The agreement, on which the US$ 22.5 million fine is expected to be based, said that Google would not misrepresent its privacy practices and that it would undertake a variety of internal measures to step up its privacy self-enforcement.
The FTC began an online privacy initiative in 2010, which has included development of a voluntary set of privacy standards, including ones related to the do-not-track feature in browsers. The online advertising has accepted the do-not-track feature in principle, but details of implementation are still being determined.