Google to pay $22.5M fine in privacy case

SAN FRANCISCO—Google is poised to pay a $22.5 million fine to resolve allegations that it broke a privacy promise by secretly tracking millions of Web surfers who rely on Apple’s Safari browser, according to a person familiar with settlement.

The person who spoke to The Associated Press on Tuesday asked not to be identified because the fine has yet to be approved by the Federal Trade Commission, which oversees online privacy issues in the US.

If approved by the FTC’s five commissioners, the $22.5 million penalty would be the largest the agency has ever imposed on a single company.

Even so, the fine won’t cause Google Inc. much financial pain. With $49 billion in the bank, the Internet’s search and advertising leader is expected to generate revenue this year of about $46 billion, which means the company should bring in enough money to cover the fine in slightly more than four hours.

But the circumstances surrounding the case may renew questions about the sincerity of Google’s “Don’t Be Evil” motto and raise doubts about the company’s credibility as it grapples with broader regulatory investigations into whether it has been abusing its influential position on the Internet to stifle competition.

“We do set the highest standards of privacy and security for our users,” Google said in a statement Tuesday. The company, which is based in Mountain View, California, emphasized the tracking technology inserted into the Safari browser didn’t collect any personal information.

Google will not acknowledge any wrongdoing under the proposed settlement, according to the person familiar with the terms.

The FTC declined to comment Tuesday.

The proposed settlement was first reported by The Wall Street Journal.

The FTC opened its investigation five months ago after a researcher at Stanford University published a study revealing that Google Inc. had overridden Safari safeguards that are supposed to prevent outside parties from monitoring Web surfing activity without a user’s permission.

The tracking occurs through snippets of computer coding, known as “cookies,” that help Internet services and advertisers target marketing pitches based on an analysis of the interests implied by a person’s Web surfing activity.

Google immediately withdrew its intrusive technology from Safari after the manipulation was reported.

But the circumvention of Apple’s built-in settings appeared to contradict a statement in Google’s online help center assuring users of Safari on personal computers, iPhones and iPad that they didn’t need to do anything more to ensure their online activities wouldn’t be logged by Google.

The apparent contradiction between Google’s words and actions became the focal point of the FTC investigation. That’s because Google late last year had settled with the agency on another privacy case revolving around a now-defunct service, called Buzz, that exposed people’s email contacts when it debuted in early 2010.

The uproar over Buzz culminated in Google signing a 20-year consent decree that, among other things, included a company pledge not to mislead consumers about its privacy practices.

Each violation of the decree is subject to a daily fine of $16,000. The penalty in the proposed settlement of the Safari case doesn’t appear to be based on that formula, given that millions of people were using the browser for about four months between the time the Google signed the consent degree in October and the unauthorized tracking ceased in February.

By demanding that Google pay a record amount, the FTC may be trying to send a message that it intends to be more vigilant about privacy missteps as people conduct more of their lives online. The agency has been pushing Internet services and advertisers to voluntarily agree to refrain from tracking Web surfers’ activities without prior permission, but those calls so far haven’t been universally embraced.

Google’s fine would surpass a nearly $19 million penalty that the FTC slapped on a telemarketer accused of duping people into believing they were donating to charities.

The FTC’s contention that Google reneged on its vow to be more forthright about its privacy practices comes at a time when the company is immersed in other government probes around the world that threaten to have a bigger impact on its business.

Just last week, Google submitted a proposal aimed at satisfying European regulators who have been investigating whether the company is unfairly highlighting its own services in its Internet search results while burying links to rival sites. The details of Google’s settlement offer haven’t been revealed.

The FTC is also examining many of the same issues under scrutiny in the European probe. Although that case is a separate matter, it may have swayed Google’s decision to settle the Safari privacy probe instead of defending its actions in court against the same agency in charge of the higher-stakes antitrust investigation.

Google has insisted its circumvention of Safari’s anti-tracking tools was inadvertent. The company has traced the mistake to changes Apple Inc. made to Safari in 2010. Google engineers weren’t aware of the Safari revision, resulting in the unintended tracking of Web surfers when the company only meant to make a minor tweak so people could press a button to show they liked an ad or Web page. The mix-up caused a conflict with the statement on Google’s help page, according to Google.

“The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy,” Google said in its Tuesday statement.

Google initially sought to brush off another breach of privacy as a lapse of its internal controls, only to have regulators later present evidence that that company may have known more about the snooping than it divulged.

When Google revealed in that company cars dispatched to photograph neighborhood streets had collected emails, search requests and other personal information transmitted over Internet routers unprotected by passwords, the company blamed a rogue engineer who had written a snooping program. Earlier this year, the Federal Communications Commission released a report that concluded the engineer had told a senior manager at Google and other company employees about the data-collecting software.

The FCC didn’t find any evidence that Google broke the law, but fined the company $25,000 for obstructing its investigation.

The FTC’s proposed fine in the Safari case was applauded by Consumer Watchdog, a frequent critic of Google’s privacy practices.

The penalty “sends a strong message about the seriousness of Google’s wanton and egregious privacy violation,” said John Simpson, director of Consumer Watchdog’s privacy project.

An industry think tank, the Information Technology & Innovation Foundation, defended Google and warned the FTC’s crackdown may discourage other companies from sharing more information about their privacy policies.

“Unfortunately the FTC’s proposed settlement shows that the FTC is focusing its limited resources on penalizing companies for unintentional actions that do not result in any actual user harm rather than directing these resources at cases where users suffer real harm or companies intentionally tried to mislead users,” Daniel Castro, an analyst for the group, wrote in a Tuesday blog post.

Read more...