FTC Hits Google with $22.5 Million Fine over Privacy Violations
- By Kurt Mackie
- August 10, 2012
The Federal Trade Commission (FTC) has fined Google $22.5 million over the company's misrepresentations on privacy protections.
The fine is "the largest penalty ever for violation of a commission order," the FTC said in an announcement on Thursday. The order extends to a previous settlement with the FTC associated with Google's Buzz social networking application, where Google agreed to be transparent on its privacy policies.
Google had informed users of its services that the Safari browser's setting that permits users to opt out of ad tracking would be sufficient to avoid so-called "third-party" ad tracking. However, Google added code that would ensure that Safari users would get a tracking cookie sent to their computers, even if users had opted out via the Safari setting. Most Safari users likely expected to have their privacy protected from ad tracking since the Safari browser blocked these so-called "tracking cookies" by default.
Felten added that Safari users who opted out of tracking during the period in which Google was using this method likely got a Google DoubleClick tracking cookie set on their computers, but those cookies are being removed.
"As part of the settlement, Google agreed to destroy as many as possible of the DoubleClick tracking cookies placed on Safari users' computers during the relevant period," Felton wrote. "To its credit, Google started destroying those cookies early, without waiting for the settlement to be finalized, so virtually all of the relevant cookies should be gone by now."
Essentially, Google was penalized for contempt, according to sole dissenting FTC Commissioner J. Thomas Rosch. He explained why he didn't join the majority opinion against Google by noting that the consent decree contained "a denial of liability." Rosch appears to be arguing that allowing the denial of liability to stand sends the wrong message. He added that the penalty was too little.
"Fourth, it may be asserted that a denial of liability is justified by the prospect of a $22.5 million civil penalty. But $22.5 million represents a de minimis amount of Google's profit or revenues," Rosch wrote.
According to Google's Form 10-K filed with the Securities and Exchange Commission, Google brought in almost $38 billion in 2011, mostly from ad revenues. So a $22.5 million penalty, even being the "largest penalty" ever issued by the FCC, is relatively small, especially considering that the FCC considers Google to be a repeat offender on violating user privacy assurances.
Rosch has been inconsistent on browser privacy protection issues for consumers. For instance, he complained in June about Senate advocacy for Microsoft's policy of turning on a "do not track" feature in Internet Explorer 10 by default. Microsoft recently confirmed it was going ahead with this plan, even though the World Wide Web Consortium may be advocating for an opt-in approach. The do-not-track approach depends on voluntary observance by advertisers in order to work.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.