recommended reading

Google agrees to pay record fine for privacy violations

AP file photo

Google has agreed to pay $22.5 million to settle allegations that it violated its privacy promises by bypassing the privacy settings of users of Apple’s Safari Internet browser in order to track them, the Federal Trade Commission said on Thursday.

“The record-setting penalty in this matter sends a clear message to all companies under an FTC privacy order,” commission Chairman Jon Leibowitz said in a statement. “No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”

The FTC said that Google’s actions violated a consent decree that the Internet giant reached last year over the rollout of its now-defunct social-networking service, Buzz. Despite this, Google did not have to admit to any wrongdoing as part of Thursday’s settlement.

The penalty, which has reportedly been in the works for weeks, is the biggest fine the FTC has ever levied on a corporation for violating the terms of a previous settlement. While the fine is a drop in the bucket for a company that had nearly $45 billion cash in the bank at the end of 2011, FTC officials said Google could be subject to greater fines if the company commits additional violations.

“We have Google under order for another 19 years, and I think this civil penalty order sends [a message] to Google that the FTC isn’t kidding around,” FTC Consumer Protection Bureau Director David Vladeck said during a conference call with reporters. “If there are further violations, the FTC will insist on increasingly higher penalties.”

Last year, Google agreed to undergo an independent audit every two years for two decades as part of a settlement over allegations that it violated its privacy policies by automatically signing up Gmail users for Google Buzz.

The FTC alleged in its latest complaint that despite its promises to the contrary, Google between 2011 and 2012 placed electronic cookies on the devices of Apple’s Safari browser users to track those users for advertising purposes. In many cases, Google bypassed the default setting on Safari’s browser that blocked such cookies, the agency said.

Google has apparently removed the cookies from most of the affected consumer devices and will have until 2014 to finish the job, according to James Kohm, the FTC’s assistant director of enforcement.

The Internet giant has said it did not intentionally seek to violate Safari users privacy. “We set the highest standards of privacy and security for our users,” a Google spokesman said. “The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy. We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers.”

Kohm said it doesn’t matter whether Google knew it was violating the terms of its 2011 settlement or not. Vladeck added that he finds it troubling that Google says it didn’t know, saying a company that handles sensitive information about millions of people needs to do a better job of protecting that data.

“I don’t know what’s worse, ‘I didn’t know’’ or ‘I didn’t do it deliberately,’ ” Vladeck said, adding that when a company says it wasn’t aware something was going on, “that sends a red flag to regulators.”

Vladeck noted that Google has raised this defense in the past — most notably over allegations in 2010 that Google’s Street View cars, which collect images for its mapping service, were collecting e-mail addresses and other payload data from unprotected home and business Wi-Fi networks. In that case, the FTC chose not to pursue any action against Google after the company agreed to delete the data collected and improve its privacy training for employees.

In addition to these privacy troubles, Google also is facing an antitrust investigation by the FTC over claims that the company favors its own products and services in its search results.

Rep. Edward Markey, D-Mass., cochairman of the Bipartisan Congressional Privacy Caucus, who joined other lawmakers in calling on the FTC in February to investigate Google over the Safari-privacy issue, praised the FTC for holding Google accountable.

“When consumers say 'No' to tracking, companies should not try to surreptitiously circumvent this preference,” Markey said in a statement. “Today’s announcement reinforces the need to vigorously monitor the promises technology companies make about protecting consumers’ privacy.”

But Consumer Watchdog, a frequent Google critic, said the fine was far too small and that the nonprofit group might seek to block the latest settlement unless Google admits to violating its 2011 consent decree with the FTC.

“While the $22.5 million penalty levied against Google is a record for the FTC, it is woefully insufficient, considering that Google refused to admit any liability or wrongdoing,” the group said.

Such a move by Google is unlikely, however, since companies rarely admit to wrongdoing when reaching such settlements. “Big institutions will never admit to liability because it does expose them” to other legal actions, University of Richmond law professor Carl Tobias said in an interview on Thursday.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.