Skip to main content

Google Could Pay $22.5 Million for Safari Violation

The Federal Trade Commission (FTC) and Google are reportedly close to agreeing on a $22.5 million settlement stemming from charges that the search engine giant bypassed the security settings in Apple's Safari browser. This will be the largest penalty imposed by the FTC on a single company, but is seemingly chump change compared to the nearly $38 billion in revenue Google earned in 2011 alone.

This won't be the first run-in with the FTC. The company previously had to settle with the commission over complaints regarding the now-defunct Google Buzz and the "misuse" of personal data. The agreement, established in March 2011, forced Google to adopt a comprehensive privacy program as well as submit to an independent privacy audit every two years.

One year later, the FTC caught wind of an article by the Wall Street Journal which claimed that Google linked Safari's browsers to its servers in order to see if account holders were signed into their Google accounts. This linking not only bypassed Safari's privacy settings, but also established additional cookies on the users' computers.

Unlike other Web browsers, Safari's default settings prevent sites from slipping cookies on the device, whether it's a smartphone or desktop. However the one exception enables users to engage in social media on other sites such as clicking the "like" button above an article. Google's temporary cookie allowed surfers to interact with the "+1" button, but the side effect was that it also allowed Safari to accept other tracking files from Google's ad network. Thus, Safari users saw ads based on their browser history which is a direct violation of Apple's privacy settings.

At the time, the FTC said that it was investigating whether Google had misrepresented itself when informing users that it would abide by Safari's privacy settings. It was also investigating whether Google violated its own Google Buzz consent decree as well. Google said that the user-tracking was inadvertent and didn't cause any harm to users, but so far both the FTC and Google have declined to comment on the investigation's status. Insiders claim the two are close to reaching an agreement.

"We cannot comment on any specifics," a Google representative said. "However we do set the highest standards of privacy and security for our users. The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy. We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers."

The Wall Street Journal reports that Google could face other government actions outside the FTC probe. A group of U.S. state attorneys general are currently investigating the issue, and could fine Google $5,000 per violation. Overseas, the European Union is still investigating the Safari incident as part of a wide-ranging examination of whether Google's new privacy policy actually complies with Europe's data-policy regulations.

France's privacy-protection agency, Commission Nationale de l'Informatique et Libertés, or CNIL, is leading the pan-European investigation, the paper reports.

  • christarp
    That's it?
  • joytech22
    That's one big fine for personalized advertisements.
  • dthx
    So Google will now have to pay for using the security flaws built in Apple applications?
  • Isn't that more of Apple's fault?
  • andy_newton
    How about 500 Billion per violation
  • v3rlon
    No, it is not Apple's fault that Google deliberately wrote a piece of software to circumvent the privacy settings of it's browser. That is like saying it is your fault someone smashed the window in your car and stole your radio. Sure it is POSSIBLE to smash a window, but it is there for another purpose and it really does need to be there. In this case, there was a warning not to smash the window because it is against the law written on the glass, and Google still smashed it. And yeah, take them to the cleaners for doing it. You do not 'accidnetally' write a virus cookie to spy on people.
  • v3rlon
    Also, even in this article note that Google has been known to get liberal with personal data elsewhere. Note the part where Google claimed it was abiding by Apple Safari's privacy policy/settings when it was not because it wrote software to get around the privacy settings (and at the same time lying to it's users about what they were signing up for in the consent for Google Buzz). You can hate Apple products, pricing and everything, about them, but Google was in the wrong here, and they have history of being in the wrong with this.
  • digiex
    It's in safari's privacy settings, Apple should had secured it in the first place. So, it's a security flaw.

    But Google should have reported it and not exploited it.
  • john_4
    I'm moving away anything google. dropped my iGoogle home page and the last thing to drop is Gmail as soon as I find a good replacement for it.
    Google is run by a bunch of leftists in bed with the Obama regime and they are now crusading for gay rights or what ever they want to call it. I call it sick.
  • scannall
    digiexIt's in safari's privacy settings, Apple should had secured it in the first place. So, it's a security flaw.But Google should have reported it and not exploited it.
    They had to write code to get around the security settings. That isn't an accident. They also did the same thing to IE users. 22.5 million is cheap. Lets see what the EU does.

    And yes, it is a big deal.