Google Settles With FTC Over Tracking Cookies, Pays $22.5M Fine

Google has agreed to pay a $22.5 million fine to the Federal Trade Commission to settle charges that the company set tracking cookies on the machines of Safari users, after saying that it would not use such tracking measures or serve targeted ads to the users. The FTC investigation began after a researcher at Stanford University found that Google was bypassing the do-not-track option in Safari. 

FTC Do Not TrackGoogle has agreed to pay a $22.5 million fine to the Federal Trade Commission to settle charges that the company set tracking cookies on the machines of Safari users, after saying that it would not use such tracking measures or serve targeted ads to the users. The FTC investigation began after a researcher at Stanford University found that Google was bypassing the do-not-track option in Safari. 

The payment from Google represents the largest civil fine that the FTC has ever gotten from a company for violating a previous FTC order. As part of a settlement in late 2011, the commission had earlier ordered Google not to misrepresent the ways in which users could control how much data is collected about them by the company.

In the more recent complaint, the FTC alleged that Google had violated users’ privacy by telling them that if they didn’t change the default DNT settings, they would not have tracking cookies placed on their machines because the DNT mechanism accomplished the same thing as them opting out of cookies. 

“The record setting penalty in this matter sends a clear message to all companies under an FTC privacy order,” said Jon Leibowitz, chairman of the FTC.  “No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”

The research by Stanford’s Jonathan Mayer found that Google’s DoubleClick ad network was circumventing the default DNT settings in Safari, which block cookies, by using code in some of its pages that mimicked a user interacting with an ad element. User interaction will override the DNT setting and allow the cookie to be set on the user’s machine.

Although Google did not admit any wrongdoing as part of the settlement, the FTC commissioners said that the size of the penalty should be a clear message about the commission’s feelings on privacy.

“With a company of Google’s size, almost any penalty can be dismissed as insufficient. But it is hardly inconsequential to impose a $22.5 million civil penalty when the accompanying complaint does not allege that the conduct at issue yielded significant revenue or endured for a significant period of time. This settlement is intended to provide a strong message to Google and other companies 

under order that their actions will be under close scrutiny and that the Commission will respond to violations quickly and vigorously,” the FTC commissioners who voted in favor of the settlement said in a written statement.

Suggested articles

Discussion

  • Brandon on

    Where does the $22.5M go once Google has paid?  Does the FTC get to use the money for what it wants?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.