Google Said Near $22.5 Million Settlement in Browser Breach
Google Inc. (GOOG), owner of the world’s most popular search engine, is nearing an agreement to pay $22.5 million to settle a U.S. Federal Trade Commission probe over claims it violated user privacy on Apple Inc. (AAPL)’s Internet browser, a person with knowledge of the matter said.
The settlement would resolve an investigation over how Google’s software tracked user activities when they accessed the Safari browser, said the person, who asked not to be named because the matter hasn’t been made public. A Stanford University graduate student found this year that Google, using its DoubleClick ad network, violated users’ privacy via the Safari browser on devices such as the iPhone and iPad.
Google has drawn regulatory scrutiny and pressure from consumer advocates for the way it handles personal information. The Mountain View, California-based company signed a consent decree with the FTC last year to settle allegations that it used deceptive tactics and violated its own privacy policies in introducing the Buzz social-networking service in 2010.
The fine would be the largest ever the FTC has levied against a company and is further indication of the agency’s stepped-up efforts to prevent companies from getting unauthorized access to personal information on the Internet.
“This is a significant fine by the FTC,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a Washington-based privacy advocate, adding that it sends a “clear message” that Google violated the law.
The company on April 12 reported first-quarter revenue of $8.14 billion, excluding sales passed on to partner sites. Profit before certain costs was $10.08 a share.
Cecelia Prewett, a FTC spokeswoman, declined to comment.
“We do set the highest standards of privacy and security for our users,” Google said in an e-mailed statement. “The FTC is focused on a 2009 help center page.” The company has now “changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers.”
Bloomberg News, citing a person familiar with the matter, reported in May that the company was negotiating with the FTC over the size of the fine as the regulator prepared its case that Google deceived Safari users.
Software cookies, which help websites and browsers identify users, allowed Google to bypass Safari’s built-in privacy protections to aim targeted advertising at users of Safari. Google said at the time that it “didn’t anticipate this would happen” and that it was removing the files.
In last year’s consent decree, Google settled allegations it used deceptive tactics and violated its own privacy policies in introducing the Buzz social-networking service in 2010. The 20-year agreement bars Google from misrepresenting how it handles user information and requires the company to follow policies that protect consumer data in new products and to submit to regular privacy audits.
Chester said the FTC has focused on protecting people’s online information.
“This FTC has been a good privacy cop on the beat,” he said.
The FTC has the authority to levy fines for violations of its consent decrees of as much as $16,000 a day for each violation.
In 2010, the FTC issued its largest fine, $18.8 million, against Civic Development Group LLC, two of its executives and a related management company for a telemarketing campaign involving charity donations.
The agency issued its largest fine in a privacy-related case against data broker ChoicePoint Inc. in 2006 for compromises of personal financial records of more than 163,000 consumers. ChoicePoint agreed to pay $10 million in civil penalties and $5 million in consumer redress in a settlement with the FTC.