Back in February, Stanford researcher Jonathan Mayer discovered that Google, along with a few other companies, was intentionally circumventing Apple Safari's privacy feature using 3rd-party cookies. These slippery cookies allowed Google to provide Doubleclick ads that were specifically targeted at Safari users, quietly sneaking past the browser's tight privacy settings.
After the report went live, European regulators sent a detailed questionnaire to the company in March, seeking details -- the FTC wasn't too far behind. Google responded by saying it "didn't anticipate this would happen," and thus removed the offensive files in cooperation with officials investigating the complaints.
Now Google is having to negotiate with the Federal Trade Commission (FTC) over a possible multimillion dollar fine. The FTC has the authority to levy fines for violations of its consent decrees of up to $16,000 per day per violation. That means Google could end up paying well over $10 million dollars for its cookie "error."
But if the negotiations collapse, the FTC will push its case even further. Right now it's preparing to allege that Google deceived consumers and violated terms of a consent decree signed with the commission last year. Those terms prevent Google from misrepresenting how it handles user information, and requires the company to follow policies that protect consumer data in new products.
The consent degree stems from the Google Buzz fiasco that took place back in 2010. Google admitted to the FTC that it used deceptive tactics and violated its own privacy policies while introducing it's now-closed Twitter-like social network. The FTC retaliated by forcing Google to agree to new privacy policies in which Google has now violated again thanks to the Safari cookie incident.
In February Mayer said that Google was one of four parties that were placing trackable cookies in Safari. "Google and Vibrant Media intentionally circumvent Safari’s privacy feature," he said. "Media Innovation Group and PointRoll serve scripts that appear to be derived from circumvention example code."
Apple enables cookie blocking by default. Every iPhone, iPad, iPod Touch, and Mac ships with the privacy feature turned on, he added.