The fine – $22.5m - was handed down after Google deliberately placed cookies to track a user’s web activity that avoided Safari’s usual default-block on cookies from ‘third party’ sites, such as advertising networks.
Big Brother Watch has repeatedly made the case for consumer control over personal information, and the ability of consumers to be able make an informed choice about how they share information about them. In this situation, consumers were neither aware nor asked for their consent – indeed, many may have believed their privacy was protected by using Safari.
It is a very dangerous precedent for companies to deliberately circumvent privacy protection and so we welcome this ruling as an important milestone in returning to consumers true control over their personal information.
As we have often warned, where businesses rely on personal information to offer better targeted advertisements there will be inherent tension between respecting consumer privacy and pursuing profit. Staff will inevitably come under commercial pressures, as in any other business. Big Brother Watch believes that innovation and technology will address this in the future, but that regulation is essential where companies seek to over-ride consumer choices about sharing their data.
Consumer choice is key to a dynamic economy that balances individual rights with commercial services. This case should be a warning to any business that fails to respect those rights.
It’s worth noting some of the company’s statements and the thoughts of the Jonathan Mayer, the Stamford researcher who discovered the Safari ‘hack’.
Google initially claimed “Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content — such as the ability to “+1” things that interest them.”
Not according to Mayer: “The circumvention behaviors affected all users, independent of whether they had a Google account, were logged into a Google account, or had made a choice about social advertising.”
But surely this didn’t matter, as Google claimed that “the information passing between the user’s Safari browser and Google’s servers was anonymous“ Again, Mayer disagrees: “Identifying and identifiable information was collected.” Indeed, Google went on to say that “these advertising cookies do not collect personal information.” As highlighted by Pam Dixon from the World Privacy Forum, “Cookies are a form of ID tags that link information. Even if no personal information is contained in the cookies themselves, the cookies can act to link information and can therefore act as de-facto identifiers.”
Ok, so maybe it did set cookies, but it was all an accident, honest! So said Google on the 18th February. Hardly a ringing endorsement of the company’s privacy policies, it is also a questionable statement as pointed out by the Editor-in-Chief of Search Engine Land, who said Google “deliberately worked around something in Safari to make ads work in the way it wanted them to work, regardless of whether the user wanted that or not.”
The whole episode comes amid serious concerns about the company’s attitude towards user privacy. For one of the most financially successful companies on the planet, it seems to be very unlucky when it comes to privacy-related mishaps. Google themselves recognised this on May 23, 2012 “[Google Buzz, the Street View Wi-Fi incident, and the Safari Cookie episode] were separate and were not approved or were mistakes. Wi-Fi was a mistake, we reported it when we found out.”
Or perhaps there’s another explanation.
“Google circumvented a privacy protection that is used by millions of Americans. It misled users about how they could prevent sharing their browsing history. It breached an agreement with the Federal Trade Commission. And, quite likely, it profited from this misconduct.” So thinks Jonathan Mayer.
Marc Rotenberg, Executive Director, Electronic Privacy Information Center, agrees. “What they said about how this would work for Safari users turned out not to be true. And they benefited (financially) from this.”