Skip to main content

Google Could Pay $22.5 Million for Safari Violation

The Federal Trade Commission (FTC) and Google are reportedly close to agreeing on a $22.5 million settlement stemming from charges that the search engine giant bypassed the security settings in Apple's Safari browser. This will be the largest penalty imposed by the FTC on a single company, but is seemingly chump change compared to the nearly $38 billion in revenue Google earned in 2011 alone.

This won't be the first run-in with the FTC. The company previously had to settle with the commission over complaints regarding the now-defunct Google Buzz and the "misuse" of personal data. The agreement, established in March 2011, forced Google to adopt a comprehensive privacy program as well as submit to an independent privacy audit every two years.

One year later, the FTC caught wind of an article by the Wall Street Journal which claimed that Google linked Safari's browsers to its servers in order to see if account holders were signed into their Google accounts. This linking not only bypassed Safari's privacy settings, but also established additional cookies on the users' computers.

Unlike other Web browsers, Safari's default settings prevent sites from slipping cookies on the device, whether it's a smartphone or desktop. However the one exception enables users to engage in social media on other sites such as clicking the "like" button above an article. Google's temporary cookie allowed surfers to interact with the "+1" button, but the side effect was that it also allowed Safari to accept other tracking files from Google's ad network. Thus, Safari users saw ads based on their browser history which is a direct violation of Apple's privacy settings.

At the time, the FTC said that it was investigating whether Google had misrepresented itself when informing users that it would abide by Safari's privacy settings. It was also investigating whether Google violated its own Google Buzz consent decree as well. Google said that the user-tracking was inadvertent and didn't cause any harm to users, but so far both the FTC and Google have declined to comment on the investigation's status. Insiders claim the two are close to reaching an agreement.

"We cannot comment on any specifics," a Google representative said. "However we do set the highest standards of privacy and security for our users. The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy. We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers."

The Wall Street Journal reports that Google could face other government actions outside the FTC probe. A group of U.S. state attorneys general are currently investigating the issue, and could fine Google $5,000 per violation. Overseas, the European Union is still investigating the Safari incident as part of a wide-ranging examination of whether Google's new privacy policy actually complies with Europe's data-policy regulations.

France's privacy-protection agency, Commission Nationale de l'Informatique et Libertés, or CNIL, is leading the pan-European investigation, the paper reports.