Thirty-seven states are claiming a privacy victory against Google and will split a $17 million settlement from the search giant.

Google, which generated $2.97 billion in online advertising revenue in the third quarter, was deliberately bypassing default privacy settings in Apple’s Safari browser in order to serve targeted ads to consumers. A special snippet of code enabled Google, through its DoubleClick service, to drop cookies despite a default setting in Safari that blocked them.

The Wall Street Journal exposed the practice in early 2012 and Google quickly removed the offending code. That did not stop the attorneys general of 37 states and the District of Columbia from moving forward with legal action against Google that was settled this week. The states believed they had a case because Google did not make it clear to Safari users that cookies were being placed on their machines without their consent.

“Consumers should be able to know whether there are other eyes surfing the web with them. By tracking millions of people without their knowledge, Google violated not only their privacy, but also their trust,” New York Attorney General Schneiderman said in a statement. “We must give consumers the reassurance that they can browse the Internet safely and securely. My office will continue to protect New Yorkers from any attempts to deliberately expose their personal data.”

The settlement requires Google to not bypass cookie settings without a user’s consent, nor may it fail to inform consumers of how Google serves personalized ads to them via their browsers. In addition, Google must expire the cookies placed on Safari browsers from June 1, 2011 through Feb. 15, 2012 by February of next year.

Google must also maintain a website for five years that explains what cookies are and the privacy implications for consumers.

A Google spokesperson said in a statement: “We work hard to get privacy right at Google and have taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers.”

Last June, Google was forced to fork over $22.5 million to settle a similar charge by the U.S. Federal Trade Commission, to date the largest settlement in FTC history.

The penalty settled charges that Google violated an earlier settlement between the FTC and Google.

“Google exploited an exception to the browser’s default setting to place a temporary cookie from the DoubleClick domain,” read a portion of the June 2012 settlement. “Because of the particular operation of the Safari browser, that initial temporary cookie opened the door to all cookies from the DoubleClick domain, including the Google advertising tracking cookie that Google had represented would be blocked from Safari browsers.”

The initial settlement was in October 2011 and it claimed Google was deceptive and violated its privacy pact with users by misrepresenting the control that Safari users had over the placement of cookies on their machines.

Categories: Privacy