Google agreed Thursday to pay a record $22.5 million fine for ignoring security settings in Apple’s Safari web browser that are designed to prevent advertisers from tracking users with cookies. The penalty is the largest the Federal Trade Commission has ever issued, and is the first ever for violations of its Internet privacy order.
Despite the record setting fine, FTC members issued a statement (PDF) noting that the fine posed no serious threat to the company, and that Google agreed to pay the fine only if it could “denial of the substantive allegations in the Commission’s civil penalty complaint.”
FTC commissioner J. Thoma Rosch voted against the order, saying the settlement was not in the public interest, because it allowed Google to deny the allegations raised by the FTC.
The settlement does not just cover Google’s bypassing of Safari’s settings, it also involves the larger issue of an agreement made last year between Google and the FTC addressing the privacy of users. The commission found that Google’s bypassing of Safari’s settings violated the earlier consent order.
Commissioners who voted for the deal wrote that the fine was an appropriate remedy for the charge that Google violated a Commission order.
“In our view,” they added, “the most important question is whether Google will abide by the underlying FTC consent order going forward.”
“This settlement is intended to provide a strong message to Google and other companies under order that their actions will be under close scrutiny and that the Commission will respond to violations quickly and vigorously.”
The FTC had charged that for several months in 2011 and 2012, Google placed an advertising tracking cookie on the computers of Safari users who visited sites within Google’s DoubleClick advertising network. The agency says the company did this despite promises to Safari users that they would automatically be opted out of such tracking as a result of the default settings in Safari on Macs, iPhones and iPads.
Google has denied any wrong doing. The company issued a statement saying:
We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.
Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content–such as the ability to “+1” things that interest them.
To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between their personal information and the web content they browse.
However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.
Google remains under the consent order, and the FTC says it will levy additional fines if the search company continues to violate their agreement.