Google reportedly fined $22.5M for bypassing Safari privacy settings

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

The U.S. Federal Trade Commission will order Google to pay a $22.5 million civil penalty for sidestepping security settings in Apple's Safari web browser, bringing an end to a nearly six month long investigation.

According to Reuters sources, members of the FTC voted to approve a consent decree, allowing the internet search giant to settle the investigation without admitting liability. The claims are in-line with an early July report that said Google's settlement would be the largest in FTC history.

The FTC probe was initiated after a February Wall Street Journal investigation alleged Google and other ad networks bypassed Safari's security protocols. In order to override the browser's privacy settings the companies implemented code which misrepresented their ads as user form submissions, a method that proved to be an effective workaround against Safari's third-party cookie-blocking measures.

A subsequent report in May said government talks with Google could result in "tens of millions of dollars" in fines.

In a comment to AppleInsider, Google said:

The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content— such as the ability to “+1” things that interest them.

To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous— effectively creating a barrier between their personal information and the web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.

Other ad networks that purportedly used the workaround include Vibrant Media, Media Innovation Group and Gannett PointRoll, though government action against the companies has yet to surface.

The FTC declined to comment on the matter and Google offered only a brief explanation, saying the government investigation was in regard to an out-of-date 2009 help center web page which didn't reflect changes made to Apple's cookie-handling policy.

"We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple's browsers," a Google spokeswoman said.