Google pays record $22.5 million for Safari cookies
The rumors were true. Today, the US Federal Trade Commission fined Google $22.5 million for putting its hand in the Safari cookie jar. Technically, the amount is a settlement, but effectively a fine. The search and information giant circumvented Apple browser privacy controls to mine personal data.
Google isn't the only company accused of bypassing Safari privacy controls, but it is most answerable to regulators. The search company already is under 20-year oversight for violating the FTC Act. In October 2011, Google agreed not to misinterpret its consumer privacy practices.
"The record setting penalty in this matter sends a clear message to all companies under an FTC privacy order", Jon Leibowitz, FTC chairman says. "No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place".
In February, Stanford grad student Jonathan Mayer discovered that Google and three other advertisers -- Media Innovation Group, PointRoll and Vibrant Media -- bypassed Safari cookie controls. "Unlike every other browser vendor, Apple enables cookie blocking by default", Mayer says. "Every iPhone, iPad, iPod touch, and Mac ships with the privacy feature turned on".
These advertisers successfully placed tracking code on computers and iOS devices, despite Safari's default configuration to prevent such activity.
Four days after releasing his initial findings, Mayer clarified them. "The circumvention behaviors affected all users, independent of whether they had a Google account, were logged into a Google account, or had made a choice about social advertising", he explains. "Google held an advantage over its advertising competitors that did not track Safari browsers. That advantage may have resulted in profit".
A consultant working for the Wall Street Journal later confirmed Mayer's findings and more: Out of the top-100 websites, 22 installed tracking code on desktop Safari, while 23 sites on iPhone.
According to the FTC, Google took advantage of a backdoor -- an exception allowing temporary cookies from the DoubleClick domain -- and placed others. So Safari users received tracking code even when cookies supposedly were blocked.
The FTC charged Google with violating its October 2011 agreement, leading to today's record settlement.