Over the last couple of weeks we've seen several reports that claimed the FTC was going to fine Google $22.5 million for bypassing users' security settings in Safari. At the beginning of August, word on the street was that Google and the FTC were close to agreeing on a settlement. Today, the Federal Trade Commission announced that it had indeed reached a settlement with the search giant for violating an earlier FTC privacy settlement.
Valued at $22.5 million, the civil penalty is the largest ever obtained for a violation of a Commission order and settles charges that Google tracked Safari users via cookies and served targeted ads despite the browser's default settings not allowing the search company to do so. Google is also required to disable all the tracking cookies that it wasn't supposed to place on consumers' computers.
"The record setting penalty in this matter sends a clear message to all companies under an FTC privacy order," said Jon Leibowitz, Chairman of the FTC. "No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place."
Back in February, the Wall Street Journal reported that Google and other ad networks were taking advantage of a certain exception within the Safari browser. You see, Apple's Safari is set to block third-party cookies by default, accepting cookies only from sites that a user visits or interacts with. The exception to this rule allows cookies if you interact with a form or advertisement in certain ways. The Journal reported that Google and other ad networks took advantage of this exception by using an invisible form and its +1 Google+ recommendation system. Essentially, Google allowed Safari users who had signed into Google+ to interact with DoubleClick ads using an embedded '+1' button. This would then send off an invisible form that would have Safari think the user had provided permission for cookies to be stored.
At the time, Google said it used the workaround to enable signed-in G+ users the ability to +1 content around the web but was unaware it inadvertently enabled the advertising cookies. However, the FTC worried that Google was violating a previous privacy agreement and launched an investigation into the issue. The FTC this week said that that Google's misrepresentations violated an October 2011 settlement that barred Google from misrepresenting the extent to which consumers can exercise control over the collection of their information.