Google FTC Privacy Settlement Awaits Approval - InformationWeek
Healthcare // Analytics
02:21 PM
Connect Directly

Google FTC Privacy Settlement Awaits Approval

Federal Trade Commission said to be seeking a $22.5 million fine, its largest ever. Is it overkill?

Google Nexus 7 Tablet: 10 Coolest Features
Google Nexus 7 Tablet: 10 Coolest Features
(click image for larger view and for slideshow)
Google has reached an agreement to settle a Federal Trade Commission inquiry into its circumvention of privacy controls for Apple's Safari browser, according to a person familiar with the matter. The agreement now goes to the five FTC commissioners for approval.

The Wall Street Journal on Tuesday reported that Google's settlement will involve a $22.5 million penalty. That would be the largest fine imposed by the FTC to date, but significantly less than the $500,000 fine levied last year by the Justice Department for Google's promotion of unlawful pharmaceuticals. Google was fined $25,000 by the FTC in April for failing to comply with agency document requests related to its privacy investigation of Google's Street View.

"We cannot comment on any specifics," a Google spokesman said in an email. "However we do set the highest standards of privacy and security for our users. The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy. We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers."

The FTC didn't immediately respond to a request for comment.

Google's decision to bypass privacy controls in Safari was disclosed in February by Stanford graduate student Jonathan Mayer.

The company previously defended its decision as an attempt to balance the privacy established as a Safari default and the expressed desire of Internet users, who might be both Apple and Google customers, to see personalized ads and content.

[ Read Google's Privacy Invasion: It's Your Fault. ]

Rachel Whetstone, SVP of communications and public policy, said at the time that Google bypassed Safari's controls "to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to '+1' things that interest them."

Apple is the only major browser vendor that ships its Web browser with third-party cookie blocking turned on, a privacy feature that the company promotes. A technical change in Safari that Apple adopted in 2010, which established an exception for allowing third-party cookies, ended up making Google's 2009 help page language about how it handles Safari's privacy settings inaccurate. And because Apple made the change without much fanfare, Google evidently failed to realize that what it said was happening with cookies was not what was actually happening. It's this discrepancy that the FTC seeks to punish.

Since last year, Google has been required to submit to 20 years of independent privacy audits as a result of the company's mishandled launch of its now-defunct Buzz social network in 2010. The company violated its own privacy promises by using information gathered through Gmail to promote social networking, the FTC charged.

Google's inaccurate help page language is being viewed by the FTC as a violation of its Buzz settlement.

Google's decision to settle rather than fight the FTC's findings appears to be a pragmatic attempt to focus on more pressing legal challenges. Google is facing regulatory scrutiny in Europe as a result of its privacy policy consolidation this year, and also is under investigation by several states over its privacy practices. That's in addition to the various antitrust inquiries the company is dealing with in the U.S. and abroad.

Daniel Castro, a senior analyst for the Information Technology and Innovation Foundation (ITIF), a tech policy think tank, considers the settlement excessive given the absence of demonstrable harm arising from Google's actions.

"Unfortunately the FTC's proposed settlement shows that the FTC is focusing its limited resources on penalizing companies for unintentional actions that do not result in any actual user harm rather than directing these resources at cases where users suffer real harm or companies intentionally tried to mislead users," he wrote in a blog post. "As a result, this proposed settlement may discourage companies from fully disclosing details about their data handling practices in the future."

Employees and their browsers might be the weak link in your security plan. The new, all-digital Endpoint Insecurity issue of Dark Reading shows how to strengthen them. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll