Google Nicked in Safari Privacy Kerfuffle
Aug 10, 2012 5:00 AM PT
Google has agreed to pay the U.S. Federal Trade Commission a US$22.5 million fine to settle allegations that the search engine giant violated the privacy of Safari browser users.
The fine, which is the largest the FTC has ever imposed, is part of its ongoing effort to enforce consumers' online privacy rights.
Google purposely violated an agreement with the FTC by planting cookies on Safari, the commission alleged.
Google and other display advertising companies used the cookies to track Web user behavior and refine ad targeting. For instance, a user who routinely searched for vegetarian recipes might be shown ads for a nearby vegetarian restaurant.
Although Google said Safari users would not be subject to the tracking, it designed the cookies to circumvent Apple's security settings for browser, according to the FTC.
Google has maintained that it collected no personal data with the cookies and said they have since been removed.
Win for Privacy?
For consumer privacy advocates, the record fine and the clear message from the FTC amount to a win.
"I think it's a good settlement that shows that the FTC is continuing to stay aggressive on privacy," Justin Brookman, director of consumer privacy at the Center for Democracy and Technology, told MacNewsWorld.
The commission intended to deliver a message to all companies that operate under an FTC privacy order, it said following the decision.
Yet this might not have been the ideal case to set an example, suggested Berin Szkoa, president of TechFreedom.
Google has maintained that it did not mislead customers intentionally; rather, when Apple changed Safari's security settings, Google's were unintentionally altered, as well.
"It's worth noting there was no data collected here," Szkoa told MacNewsWorld.
"There is an opportunity cost to everything that the FTC does," he pointed out. "In this one, they said they were trying to send a clear message, but the message that they're sending is one in the most aggressive fashion possible. It says we will impose [a penalty] without any explanation, for any violation conceivable, even if the something in violation was caused by a company you weren't working with."
The FTC and other large governing bodies are always going to have trouble keeping up with the rapidly evolving pace of technology innovations, said Szkoa.
A better solution might be to allow private companies to find, report and quietly fix security and privacy errors themselves, he said, rather than have the FTC make an example of high-profile violators.
"The basic back-and-forth with the FTC and companies is screwed up," Szkoa contended.
"As long as we're living in a world where people try to score PR points or build their own reputation by pulling a 'gotcha,' we're not going to see real problems be fixed," he said. "Consumers might be better served if we had a process set up for solving real problems throughout the industry, rather than just embarrassing one [company] in particular."
Even if those pricey reprimands from the FTC might intimidate other companies into falling in line with regulations that protect consumers, said CDT's Brookman, the commission still needs to make clear just what it expects from the companies it regulates.
"The FTC could just continue to be more aggressive with their existing authority -- and they should until they get new authority -- but there's still going to be an awful lot of uncertainty about the scope of the law," he pointed out, "which isn't great for users or companies."