Google pays a fine to the Federal Trade Commission because of privacy breaches
August 10, 2012
The Federal Trade Commission (FTC) has announced a settlement with Google for its misrepresentation of privacy assurances.
The statement provides:
Google Inc. has agreed to pay a record $22.5 million civil penalty to settle Federal Trade Commission charges that it misrepresented to users of Apple Inc.’s Safari Internet browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.
The settlement is part of the FTC’s ongoing efforts to make sure companies live up to the privacy promises they make to consumers, and is the largest penalty the agency has ever obtained for a violation of a Commission order. In addition to the civil penalty, the order also requires Google to disable all the tracking cookies it had said it would not place on consumers’ computers.
“The record setting penalty in this matter sends a clear message to all companies under an FTC privacy order,” said Jon Leibowitz, Chairman of the FTC. “No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”
Google, the developer of the world’s most popular Internet search engine, generates billions of dollars in revenues annually from selling online advertising services, including the delivery of targeted ads online. Cookies are small pieces of computer text that are used to collect information from computers and can be used to serve targeted ads to consumers. By placing a tracking cookie on a user’s computer, an advertising network can collect information about the user’s web-browsing activities and use that information to serve online ads targeted to the user’s interests or for other purposes.
In its complaint, the FTC charged that for several months in 2011 and 2012, Google placed a certain advertising tracking cookie on the computers of Safari users who visited sites within Google’s DoubleClick advertising network, although Google had previously told these users they would automatically be opted out of such tracking, as a result of the default settings of the Safari browser used in Macs, iPhones and iPads.
According to the FTC’s complaint, Google specifically told Safari users that because the Safari browser is set by default to block third-party cookies, as long as users do not change their browser settings, this setting “effectively accomplishes the same thing as [opting out of this particular Google advertising tracking cookie].” In addition, Google represented that it is a member of an industry group called the Network Advertising Initiative, which requires members to adhere to its self-regulatory code of conduct, including disclosure of their data collection and use practices.
Despite these promises, the FTC charged that Google placed advertising tracking cookies on consumers’ computers, in many cases by circumventing the Safari browser’s default cookie-blocking setting. Google exploited an exception to the browser’s default setting to place a temporary cookie from the DoubleClick domain. Because of the particular operation of the Safari browser, that initial temporary cookie opened the door to all cookies from the DoubleClick domain, including the Google advertising tracking cookie that Google had represented would be blocked from Safari browsers.
The FTC charged that Google’s misrepresentations violated a settlement it reached with the agency in October 2011, which barred Google from – among other things – misrepresenting the extent to which consumers can exercise control over the collection of their information. The earlier settlement resolved FTC charges that Google used deceptive tactics and violated its privacy promises when it launched its social network, Google Buzz.
More information about the FTC case can be found at the Tech@FTC blog.
The Commission vote to authorize the staff to refer the complaint to the Department of Justice, and to approve the proposed consent decree, was 4-1 with Commissioner J. Thomas Rosch dissenting. The Commission issued a statement authored by Chairman Jon Leibowitz and Commissioners Edith Ramirez, Julie Brill, and Maureen Ohlhausen. In its statement, the Commission affirmed that the settlement is in the public interest because, based on staff’s investigative work, there is strong reason to believe that Google violated the prior order, and the $22.5 million fine is an appropriate remedy for the charge that Google misrepresented to Safari browser users how to avoid targeted advertising by Google. In his dissenting statement, Commissioner Rosch stated that it arguably cannot be concluded that the consent decree is in the public interest if it contains a denial of liability.
This case was filed with the invaluable assistance of the DOJ, which filed the complaint and proposed consent decree on behalf of the Commission in U.S. District Court for the District of Northern California in San Jose August 8, 2012. The proposed consent decree is subject to court approval.
NOTE: The Commission refers a complaint to the DOJ for filing when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the defendant has actually violated the law. This consent order is for settlement purposes only and does not constitute an admission by the defendant that the law has been violated. Consent orders have the force of law when signed by the District Court judge.
Interestingly, the Privacy Commissioner issued a statement on 7 August 2012 regarding Google Street View Wi-Fi collection.
It provides:
Google wrote to the Office of the Australian Information Commissioner (OAIC) on 27 July 2012 to advise that it had in its possession a portion of payload data collected by Google Street View vehicles in Australia. The payload data was collected from unsecured WiFi networks by Google in 2010. The OAIC conducted an investigation into the collection of the payload data under s 40(2) of the Privacy Act 1988 (Cth). After that investigation Google advised the OAIC that in March 2011 all payload data was destroyed.
On 6 August 2012, the Privacy Commissioner wrote to Google asking them to destroy this data immediately and confirm that this has taken place via an independent third party. The Commissioner also asked Google to undertake an audit to ensure that no other disks containing this data exist, and to advise him once this audit is completed.