Google to pay $22.5 million fine for Safari privacy evasion
NEW YORK (CNNMoney) — Nine months. That’s how long Google’s privacy settlement with federal regulators lasted before the company racked up its first violation.
Google has a preliminary deal in place with the U.S. Federal Trade Commission to pay a $22.5 million fine for evading some privacy settings on Apple’s Safari Web browser, a source with knowledge of the settlement told CNN.
The fine would be the largest penalty ever levied on a single company by the FTC over privacy issues, but it’s still a financial wrist-slap for Google, which earned $2.9 billion last quarter.
Under the terms of the deal, which remains subject to approval from FTC commissioners, Google would admit no wrongdoing.
Google has previously acknowledged skirting the privacy settings on Apple’s Safari Web browser, a move that let advertisers track users in unintended ways. Google immediately disabled the technology when privacy researchers exposed it in February.
Asked to comment on its deal with the FTC, Google provided CNN with the following statement: “We cannot comment on any specifics. However we do set the highest standards of privacy and security for our users.”
An FTC spokesman declined to comment on the issue.
The Safari controversy erupted five months ago after a researcher at Stanford University found that Google had overridden Safari’s default privacy settings.
That sounds dire, but the actual consequences of Google’s evasion were fairly trivial. The maneuver related to ad targeting and allowed advertisers to deliver messages customized to users’ recent browsing history. Individual users’ personal information was never collected.
Sites use files called “cookies” to follow users’ movements and log-ins as they travel through the Web. Apple’s Safari has far stricter tracking restrictions than any other major browser: By default, it blocks third-party cookies. That’s a problem for ad networks like Google’s, which rely on those cookies to measure their campaigns and to enable some ad functions.
Google admitted using a technical maneuver to evade Safari’s default settings. The problem, pointed out by Stanford University researcher Jonathan Mayer, was that Google’s workaround went much further than Google apparently realized.
“The Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen,” Google told CNNMoney at the time. “We have now started removing these advertising cookies from Safari browsers.”
Google’s Safari dodge caught the attention of the FTC, which is monitoring Google’s compliance with the company’s privacy pledges under the terms of a settlement deal finalized in October.
The October deal stemmed from Google’s blunders with Google Buzz, an early social networking effort that violated Google’s written privacy policies. Google agreed to undergo regular, independent privacy audits and to pay penalties of up to $16,000 per individual violation for any future privacy missteps.
In its statement to CNN about its talks with the FTC, Google emphasized that it considers the Safari skirmish a minor one.
“The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy,” the company said. “We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers.”
— CNN’s Dan Simon contributed reporting