Google is reportedly in talks with the U.S. Federal Trade Commission over the amount of a fine the agency may give the search company for evading the default privacy protections on Apple’s Safari browser, the default Web browser found on all of Apple’s products, from Mac computers to the iPad and iPhone.
Although the FTC and Google dodged TPM’s questions about potential fines over the practice, which allowed Google to place digital files called cookies on potentially millions of Safari users to track their online activity and serve up custom ads, the Web privacy researcher at Stanford University who first caught Google red-handed in February told TPM that he believes the company should be fined.
“I believe a fine would be appropriate,” said Jonathan Mayer, a researcher and graduate student at Stanford Law School, in an email to TPM. “Google circumvented a privacy protection that is used by millions of Americans. It misled users about how they could prevent sharing their browsing history. It breached an agreement with the Federal Trade Commission. And, quite likely, it profited from this misconduct.”
Specifically, Mayer, who’s research led to a scathing Wall Street Journal expose on Google’s circumvention of the Safari settings, told TPM that he believes that the FTC needs to send a message to Google and other advertising companies that its regulatory power isn’t just lip service — carrying real consequences.
“It’s beyond peradventure that many technology companies, left to their own initiative, do not respect consumer privacy protections,” Mayer wrote. “Owing to the statutory limits of the FTC’s authority, first-time offenders have, for the most part, escaped serious fines and submitted to long-term consent orders. Critics have suggested that these consent orders are toothless. The FTC has an opportunity to demonstrate that its consent orders do have bite and that, in effect, it operates on a tough two-strikes system.”
Specifically, the “two strikes” rule could apply to Google in this case because the company already sparked the FTC’s ire back in 2011, when the agency investigated Google and concluded the company had violated its own users’ privacy by not making it clear to them that Google Buzz, the company’s former and failed social networking effort, would allow others to see a user’s most e-mailed contacts, among other privacy concerns.
Google got off relatively easily that time, escaping a fine but agreeing to a settlement with the FTC that requires Google to undergo third-party audits of its privacy programs every two years for the next two decades, as well as prohibiting Google from misleading consumers about its privacy practices.
However, the FTC warned in that case if Google violated the settlement, it could be hit with $16,000 fines for every infraction and on every day that an infraction occurred. It is unclear just how long the company was evading privacy settings on Safari browsers, but now, at least, Mayer told TPM the company appears to have stopped.
“It appears that Google no longer installs ad tracking cookies in Safari browsers,” Mayer told TPM. “I have not yet received confirmation from the company.”
Google said it stopped the practice of evading Safari privacy settings shortly after The Wall Street Journal published its piece on Mayer’s research back in February. Google also said it only bypassed the privacy settings of Apple’s browser to allow the company to display its “+1” buttons, used for Google’s new social network, Google Plus, to users.
Still, no matter what the outcome of the FTC case, Google is not out of hot water yet over consumer privacy — far from it: The company is still the subject of numerous overlapping and tangentially related privacy investigations by U.S. state attorneys general and European authorities.