Google will pay a $22.5m fine to the FTC after tracking Safari browser users who had opted out of cookies, the largest fine ever levied by the Commission but still a drop in the internet ocean for the search giant. The settlement, rumored back in July, will also require Google to deactivate any tracking cookies inappropriately placed on users’ computers, and is being described by the FTC as “a clear message” that privacy rules are inescapable.
“The record setting penalty in this matter sends a clear message to all companies under an FTC privacy order,” FTC chairman Jon Leibowitz said of the fine today. “No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”
Google’s mistake had been to circumnavigate blocking systems in Safari to use its own DoubleClick cookie, exploiting a loophole in the browser to store a temporary file. In the process, however, it also allowed through more permanent cookies from the DoubleClick domain, contravening FTC privacy rules.
In a vote by members of the Commission, four voted in favor of the complaint and one against; dissenting Commissioner J. Thomas Rosch wrote that [pdf link] while he agreed that Google had broken rules, he could not accept “this consent decree because it arguably cannot be concluded that the consent decree is in the public interest when it contains a denial of liability.”
That uncertainty wasn’t enough to save Google from the fine, which works out to $16,000 per violation per day. However, Google made $22.5m in the space of less than five hours based on its 2011 full-year financial results.
More important is how this affects FTC and Google relations moving forward. Google had previously committed to a settlement in October 2011, following concerns about deceptive tactics and privacy issues in Buzz, which along other things said it would no longer misrepresent data collection policies.