San Francisco. Google is poised to pay a $22.5 million fine to resolve allegations that it broke a privacy promise by secretly tracking millions of Web surfers who rely on Apple’s Safari browser, according to a person familiar with settlement.
The person who spoke to The Associated Press Tuesday asked not to be identified because the fine has yet to be approved by the Federal Trade Commission, which oversees online privacy issues in the US.
If approved by the FTC’s five commissioners, the $22.5 million penalty would be the largest the agency has ever imposed on a single company.
Even so, the fine won’t cause Google Inc. much financial pain. With $49 billion in the bank, the Internet’s search and advertising leader is expected to generate revenue this year of about $46 billion, which means the company should bring in enough money to cover the fine in slightly more than four hours.
But the circumstances surrounding the case may renew questions about the sincerity of Google’s “Don’t Be Evil” motto and raise doubts about the company’s credibility as it grapples with broader regulatory investigations into whether it has been abusing its influential position on the Internet to stifle competition.
“We do set the highest standards of privacy and security for our users,” Google said in a Tuesday statement. The company, which is based in Mountain View, California, emphasized the tracking technology inserted into the Safari browser didn’t collect any personal information.
Google will not acknowledge any wrongdoing under the proposed settlement, according to the person familiar with the terms.
The FTC declined to comment Tuesday.
The proposed settlement was first reported by The Wall Street Journal.
The FTC opened its investigation five months ago after a researcher at Stanford University published a study revealing that Google Inc. had overridden Safari safeguards that are supposed to prevent outside parties from monitoring Web surfing activity without a user’s permission.
The tracking occurs through snippets of computer coding, known as “cookies,” that help Internet services and advertisers target marketing pitches based on an analysis of the interests implied by a person’s Web surfing activity.
Google immediately withdrew its intrusive technology from Safari after the manipulation was reported.
But the circumvention of Apple’s built-in settings appeared to contradict a statement in Google’s online help center assuring users of Safari on personal computers, iPhones and iPad that the browser’s built-in settings already protected their online activities from being tracked by Google.
The apparent contradiction between Google’s words and actions became the focal point of the FTC investigation. That’s because Google late last year had settled with the agency on another privacy case revolving around a now-defunct service, called Buzz, that exposed people’s e-mail contacts when it debuted in early 2010.
The uproar over Buzz culminated in Google signing a 20-year consent decree that, among other things, included a company pledge not to mislead consumers about its privacy practices.
Each violation of the decree is subject to a daily fine of $16,000. The penalty in the proposed settlement of the Safari case doesn’t appear to be based on that formula, given that millions of people were using the browser for about four months between the time the Google signed the consent degree in October and the unauthorized tracking ceased in February.
By demanding that Google pay a record amount, the FTC may be trying to send a message that it intends to be more vigilant about privacy missteps as people conduct more of their lives online. The agency has been pushing Internet services and advertisers to voluntarily agree to refrain from tracking Web surfers’ activities without prior permission, but those calls so far haven’t been universally embraced.
Google has insisted its circumvention of Safari’s anti-tracking tools was inadvertent. The company has traced the mistake to changes Apple Inc. made to Safari in 2010. Google engineers weren’t aware of the Safari revision, resulting in the unintended tracking of Web surfers when the company only meant to make a minor tweak so people could press a button to show they liked an ad. The mix-up caused a conflict with the statement on Google’s help page, according to Google.
“The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy,” Google said in its Tuesday statement.
The FTC’s proposed fine was applauded by Consumer Watchdog, a frequent critic of Google’s privacy practices.
The penalty “sends a strong message about the seriousness of Google’s wanton and egregious privacy violation,” said John Simpson, director of Consumer Watchdog’s privacy project.
An industry think tank, the Information Technology & Innovation Foundation, defended Google and warned the FTC’s crackdown may discourage other companies from sharing more information about their privacy policies.
“In this case, there does not appear to be any evidence that Google intended to mislead consumers,” Daniel Castro, an analyst for the group, wrote in a Tuesday blog post.
“Instead, the penalty is likely based on the fact that the company acted out of accordance with a statement that was posted on what appears to have been an outdated page of its help center. The takeaway for many companies will be that they are better off not sharing this information with consumers because then it can’t be used against them in the future.”