Google agrees to pay $17 million to 37 U.S. states in Safari tracking settlement

google tracking infographic

Google’s nefarious overriding of both desktop and iOS Safari users’ privacy settings in order to better track their web browsing activity backfired after the United States Federal Trade Commission (FTC) in April 2012 took a long, hard look at the practice and decided to fine the search giant.

Google has previously agreed to pay $22.5 million fine to the government, with a judge approving the record-setting penalty. And now, the Internet giant will pay 37 U.S. states a cool $17 million to settle the Safari probe case…

Reuters reported yesterday:

Google Inc will pay $17 million to settle allegations by 37 states and the District of Colombia that it secretly tracked Web users by placing special digital files on the Web browsers of their smartphones.

The deal, announced Monday morning, ends a nearly two-year probe by the states into allegations that Google bypassed the privacy settings of customers using Apple Inc’s Safari Web browser by placing “cookies” into the browser.

New York Attorney General Eric T. Schneiderman said:

Consumers should be able to know whether there are other eyes surfing the web with them. By tracking millions of people without their knowledge, Google violated not only their privacy, but also their trust.

Google said Monday it’s “taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers”.

The settlement includes the following 37 U.S. states: Alabama, Arizona, Arkansas, California, Connecticut, District of Columbia, Florida, Illinois, Indiana, Iowa, Kansas, Kentucky, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Nebraska, Nevada, New Jersey, New Mexico, North Carolina, North Dakota, Oklahoma, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington and Wisconsin.

Google has also agreed to the following terms:

• Not deploy the type of code used in this case to override a browser’s cookie blocking settings without the consumer’s consent unless it is necessary to do so in order to detect, prevent or otherwise address fraud, security or technical issues.
• Not misrepresent or omit material information to consumers about how they can use any particular Google product, service, or tool to directly manage how Google serves advertisements to their browsers.
• Improve the information it gives consumers regarding cookies, their purpose, and how the cookies are managed by consumers using Google’s products or services and tools.
• Maintain systems designed to ensure the expiration of the third-party cookies set on Safari Web browsers while their default settings had been circumvented.

After the scandal blew up, the company fairly quickly admitted to tracking Safari users without their consent, by taking advantage of a loophole in the Safari browser to override users’ privacy settings.

A spokesperson for the company argued at the time:

We used known Safari functionality to provide features that signed-in Google users had enabled. We created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for personalized ads and other content.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser.

Google is not off the hook yet in the United Kingdom, where a group called Safari Users Against Google’s Secret Tracking took the company to court for having “breached their clients’ confidence and privacy”.

They’re seeking damages, disclosure and an apology from the company.