Google $22.5M FTC Penalty Draws Squawks
Google (NSDQ: GOOG) will pay a $22.5 million civil penalty to settle U.S. government charges that it skirted the privacy settings of millions of users of Apple’s (NSDQ: AAPL) Safari browser, the largest fine ever levied by the U.S. Federal Trade Commission (FTC) for violating one of its orders.
In its complaint, the FTC said that Google deceived Safari users into believing that it wouldn’t place tracking cookies on their iPhones or iPads or serve them targeted ads, as it had agreed in a 2011 deal with the federal agency.
The settlement was reported here and here last month as the paperwork awaited five FTC commissioners to sign off on the deal, effectively ending an FTC investigation into accusations that Google monitored users with cookies to circumvent their Safari security settings on the iPhone and iPad. The FTC alleged that Google violated a 2011 settlement over the rollout of its Buzz social network in which it used its Gmail to deceive users into signing on for the service. The FTC said at the time that it never before had issued an order requiring a company to “implement a comprehensive privacy program to protect the privacy of consumers’ information.”
Google then proceeded, according to the FTC, to circumvent the earlier order. Still, even as a repeat offender, Google got off without admitting any liability as part of the settlement. Can’t anybody play nice anymore?
It’s difficult not to conclude that the FTC wanted to punish Google for violating its 2011 order, rather than necessarily for what it had done. Averting users’ privacy is a serious issue, which, one would think, would prompt a far more solemn penalty.
“The record setting penalty in this matter sends a clear message to all companies under an FTC privacy order,” said Jon Leibowitz, FTC chairman, in a statement. “No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”
Okay, that sounds tough enough, but in the wake of the FTC’s deal with Google, to some the search giant got off with barely a slap on the wrist. Not only doesn’t it have to admit any guilt but the amount of the fine, in the words of John Simpson, Consumer Watchdog’s privacy project director, is “woefully insufficient.”
Consumer Watchdog said it complained to the FTC in February after Stanford University’s Security Lab researcher Jonathan Mayer revealed how Google was circumventing privacy settings on Apple’s Safari browser.
“Google hacked past a key privacy setting on iPhones and iPads and other devices using Apple’s Safari browser, placed tracking cookies on them and then lied, saying the settings were still effective,” said Simpson. “Clearly it violated its agreement with the FTC. While the $22.5 million penalty levied against Google is a record for the FTC, it is woefully insufficient considering that Google refused to admit any liability or wrongdoing,” he said.
With the relatively minor fine, the FTC, said Simpson, “allowed Google to buy its way out of trouble for an amount that probably is less than the company spends on lunches for its employees and with no admission it did anything wrong.”
He’s got a point. Put into perspective, the $22.5 million fine, as articulated here, is about 30 percent below Google’s average daily profit in 2011. So why not a bigger fine, something that made Google feel the pain a bit more? Maybe Internet users don’t care all that much about privacy, perhaps other priorities are higher on the pecking order, or could it be that privacy protection sounds vigilant but putting teeth into guarding it is a bit more challenging and risky?