FTC: Google settles for $22.5m in Safari tracking row

Google has agreed to pay a $22.5 million penalty to settle an ongoing privacy row with the U.S. Federal Trade Commission.  

The search behemoth was found to have bypassed Safari, Apple's desktop and mobile browser, and installed cookies, in spite of the browser's strong security settings which should have prevented such activity.

The FTC charged Google with placing advertising tracking cookies on computers and devices, which in many cases was conducted through circumventing the browser's cookie-blocking setting.

The federal regulator said that Google had agreed to pay the record penalty "that it would not place tracking "cookies" or serve targeted ads to those users."

Google must also disable all the tracking cookies it said it wouldn't place on consumers' devices in the first place. 

"No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place," said FTC chairman Jon Leibowitz.

But Google escaped a full FTC investigation which could have made the settlement penalty look meager at best. The settlement does not constitute an admission that Google was in breach of the law. 

The whole ding-dong began in April when the FTC was said to have been "deep into an investigation" of Google's behavior and activities after it was accused by a security researcher of bypassing the privacy settings in the Safari browser.

But Google broke a promise that it would stick to a 2011 settlement agreement with the FTC a year earlier over controversy surrounding its Google Buzz service.

The first settlement said, among other things, that Google must not "misrepresent the extent to which consumers can exercise control over the collection of their information." The FTC then charged Google with using "deceptive tactics" and violated its privacy commitments when it launched Buzz in 2010.

The second time around, Google used code to install cookies on computers and mobile devices -- including Macs and Windows machines, iPhones and iPads -- to allow its Google+ social networking users to access the '+1' button within mobile advertisements, powered by Google's own DoubleClick network.  

The search giant admitted to the practice, saying "created a temporary communication link between Safari browsers and Google’s servers," but had stopped.

A Google spokesperson told ZDNet in an emailed statement:

We set the highest standards of privacy and security for our users. The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy. We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers.

Google has faced a series of probes and investigations on both sides of the Atlantic over its privacy policies. Both U.S. and European authorities continue to investigate whether Google's consolidated privacy policy breaks data protection and privacy laws.

But considering 96 percent of Google’s revenue comes from online advertising, the FTC's fine was only a fraction of what it earns each year. Last year, Google earned more than $37.9 billion in revenue alone. 

According to ZDNet's editor-in-chief Larry Dignan: based on Google's Q2 sales (excluding traffic acquisition costs), $22.5 million amounts to about 5 hours of revenue.

Image credit: CNET.