Google Agrees to $17 Million Settlement

States Alleged Improper Tracking of Consumers
Google Agrees to $17 Million Settlement

Google has agreed to a $17 million settlement with 37 states and the District of Columbia over its unauthorized placement of cookies on computers using Apple Safari Web browsers in 2011 and 2012.

See Also: Top Trends in Cybercrime; 411 Million Attacks Detected in Just 3 Months

"By tracking millions of people without their knowledge, Google violated not only their privacy, but also their trust," says New York Attorney General Eric Schneiderman, in announcing the settlement. "We must give consumers the reassurance that they can browse the Internet safely and securely."

In a similar case, the Federal Trade Commission in August 2012 reached a $22.5 million settlement with Google, charging that it misrepresented its privacy promises to users of the Apple Safari Web browser. The fine was the largest civil penalty the FTC had ever obtained for violation of one of its orders (see: Google to Pay $22.5 Million FTC Fine).

Details of Case

Google, which operates the most popular search engine on the Internet, generates revenue primarily through advertising. Through its DoubleClick advertising platform, Google sets third-party cookies - small files set in consumers' Web browsers - that enable it to gather information about those consumers, according to Schneiderman's announcement. Depending on the type of cookie, this information could include consumers' Web-surfing habits, he notes.

Apple's Safari Web browser is set by default to block third-party cookies, including cookies set by DoubleClick to track a consumer's browsing history, the attorney general says. From June 1, 2011, until February 15, 2012, Google altered its DoubleClick coding to circumvent those default privacy settings on Safari, without consumers' knowledge or consent, enabling it to put DoubleClick cookies on consumers' Safari Web browsers, Schneiderman says. Google disabled this coding method in February 2012 after the practice was widely reported on the Internet and in the media, he adds.

The attorneys general of the states involved in the settlement alleged that Google's circumvention of Safari's default privacy settings for blocking third-party cookies violated state consumer protection and related computer privacy laws.

As part of the settlement, Google agreed to:

  • Not deploy the type of code used in this case to override a browser's cookie-blocking settings without the consumer's consent unless it is necessary to do so to detect, prevent or otherwise address fraud, security or technical issues;
  • Not misrepresent or omit material information to consumers about how they can use any particular Google product, service, or tool to directly manage how Google serves advertisements to their browsers;
  • Improve the information it gives consumers regarding cookies, their purpose, and how the cookies are managed by consumers using Google's products or services and tools;
  • Maintain systems designed to ensure the expiration of the third-party cookies set on Safari Web browsers while their default settings had been circumvented.

In a statement provided to Information Security Media Group, Google says: "We work hard to get privacy right at Google and have taken steps to remove the ad cookies, which collected no personal information, from Apple's browsers. We're pleased to have worked with the state attorneys general to reach this agreement."


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network