Google pays $17m to settle Safari cookie privacy-bypass charge

Settlement ends a two-year investigation into Google's cookie practices.
Written by Liam Tung, Contributing Writer

Google will pay $17m to settle claims by dozens of US states that it bypassed privacy settings in Apple's Safari browser designed to block third-party ad cookies.

The deal with 37 states and the District of Columbia prevents Google from installing cookies on any browser unless it has gained user consent.

Stanford privacy and law researcher Jonathan Mayer was the first to spot the issue, discovering that Google was using a snippet of JavaScript to override settings in Safari designed to prevent all third-party cookies from being installed in the browser.

Third-party cookies are used by ad companies such as ad company DoubleClick to deliver personalised ads, but have caused concern over their ability to track users' browsing habits across the web.

The states claimed that Google used the method to install cookies DoubleClick on Safari browsers between 1 June, 2011, until 15 February, 2012 without consumers' knowledge or consent.

They also claimed Google deceived consumers by telling them that Safari's default settings would block third-party cookies. 

"Google represented that consumers could avoid third-party cookies being placed in their Safari Web browsers simply by relying on the browser’s default settings," Connectictut attorney general George Jepsen said.

"This settlement resolves allegations that, while giving these very assurances, Google was actually bypassing those same privacy settings and placing advertisers' cookies on consumers' Safari browsers, without their knowledge or consent."

As Google explained at the time, bypassing the default settings to install ad cookies was an accidental outcome of it employing features in Safari intended to let signed-in Google users on the browser who had opted to see personalised ads to use its '+1' button on websites.

The settlement means Google doesn't have to admit any wrongdoing, however, it means the company has to underake a number of other duties, including to

  • Not misrepresent or omit material information to consumers about how they can use any particular Google product, service, or tool to directly manage how Google serves advertisements to their browsers.
  • Improve the information it gives consumers regarding cookies, their purpose, and how the cookies are managed by consumers using Google’s products or services and tools.
  • Maintain systems designed to ensure the expiration of the third-party cookies set on Safari Web browsers while their default settings had been circumvented.

Further reading

Editorial standards