Skip to main content

Federal Trade Commission Sends Strong Message with $22.5 Million Google Settlement

Written by Amy Malone

The FTC has finally released details of their settlement with Google, including the hefty price tag of $22.5 million, the highest fine ever slapped on a violator of an FTC consent order. The Internet giant was charged with breaking the terms of the consent order they entered into last year by misrepresenting how users could opt out of having certain cookies dropped on their browser.

A majority of Google's earnings is generated through online advertising, some of which is targeted at online users through the use of third party cookies.  Those third party cookies are "dropped" from an advertising network on a user’s Internet browser (e.g., Internet Explorer, Firefox, Safari) which then allows that network to track information such as what sites the user visits and this allows targeted ads to be sent to the user.   Some users prefer not to receive targeted advertisements, and there are ways for them to opt out of having these types of cookies dropped on their Internet browsers.

The Safari Problem. According to the FTC complaint, when Safari (a browser provided by Apple) users visited the Google “Advertising Cookie Opt-out Plugin” page they were told that if they left the Safari default settings on they didn’t have to do anything else because those settings prevent third party cookies from being dropped.  Safari’s default settings prevent third party cookies from being dropped except in limited circumstances such as when a site uses a “form submission,”  used in situations such as online purchases when a user enters information like an email address. It’s important to note that once Safari accepts a third party cookie from a site it accepts all cookies from that site.   In this case Google communicated with the Safari browser saying it was generating a form submission, but in reality Google was dropping a cookie from DoubleClick, their advertising network. Once the cookie was set, Safari then accepted all cookies from DoubleClick and  DoubleClick sent targeted advertisements to those users.  Google managed to circumvent the Safari settings and do exactly what they said they were not doing.

Google denies the allegations in the FTC complaint, but has agreed to pay the fine.   According to the FTC’s statement they have enough reason to believe Google violated the order and assessing the fine is in the public interest. The FTC asserts that this penalty helps ensure that Google will abide by the consent order and provides a “strong message” that the FTC is paying attention to consent orders and those that misstep will be brought to task “quickly and vigorously”.

The FTC has been busy on other fronts.   A cross-post from Mintz Levin's Employment Matters blog describes a recent $2.5 million settlement agreement reached with online background check provider, HireRight, for violations of the Fair Credit Reporting Act.

 

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.