FTC Hits Google With $22.5 Million Fine, Largest in Agency History
The Federal Trade Commission has, in the last few years, become proponents of Internet privacy in the name of consumer protection. Which is why when it was reported that Google was tricking Safari into accepting cookies from websites, and in doing s0 monitoring their movements across the web, the agency leapt into action. Now, reports indicate that Google has agreed to pay the largest fine in FTC history: $22.5 million.
The Wall Street Journal initially broke the cookie-tricking story about six months ago, and yesterday reported that although the case is not yet closed, the record-setting size of the fine has been agreed upon.
There are two things at issue in the case. First, on the technical end, was what Google did to subvert cookie controls built into Apple’s Safari browser. Jeff Blagdon from The Verge explains:
By default, Safari only accepts cookies from sites that users have actually visited, or from things that the user clicks, like ads. In this default state, advertisers can’t leave cookies on users’ devices, so in order to get around the behavior, Google used some sneaky code to submit blank forms to its ad network, DoubleClick. These transmissions — of blank forms from users’ browsers — signaled that they were interacting with DoubleClick, telling Safari to allow its cookies; ostensibly to provide Google+ users with otherwise-barred +1 button functionality. Google has insisted that users signed into the social platform want the behavior, but unfortunately, setting the initial cookie green lights others coming from DoubleClick, including the “id” cookie that tracks users’ activity across multiple websites.
Google claims that it was only trying to work around the “+1” button issue and did not intend to track users’ movements around the web.
The second issue in the case is that Google promised it would never do this kind of thing again. From the Wall Street Journal:
In March 2011, the FTC charged Google with using deceptive tactics when it launched an online social network, Google Buzz. In October, Google signed a consent decree to settle the charges. It agreed to put in place a number of privacy-protecting measures, including a “comprehensive privacy program” to conduct privacy-risk assessments of Google’s products and services and to be audited by a third party every other year for the next two decades.
Unfortunately for Google, a Help page dated from 2009 said that Safari users could rest assured that the browser would protect them from unwanted cookie installation. This statement is in direct opposition to Google’s actions with the DoubleClick workaround and so triggered the provisions of the consent decree. This agreement reportedly called for a fine of $16,000 per day of violation.
However, it must be noted that although $22.5 million may well be the largest fine in FTC history, it is something of a pittance to Google. In fact, the WSJ figures that Google brought in that much every five hours if last year’s financial figures are accurate.
In reality, this seems like more of a triumph of enforcement than anything else. The FTC was able to forge this agreement with Google and actually applied its provisions. Interestingly, the FTC has similar decrees with other major websites like Facebook and Twitter. It seems that the agency has salted the net with them, and is now showing that the agency is perfectly willing to use the decrees to impose fines. Whether it will change company behavior is an open question.