FTC spanks Google for tracking users without their consent

The $22.5 million fine is the largest in FTC history, but its symbolic value is worth far more.

So the mighty Google has agreed to bow to the Federal Trade Commission and fork over $22.5 million worth of greenbacks.

What did Google do to deserve this spanking? It willfully ignored the Do Not Track privacy settings built into Safari browsers by leaving advertising tracking cookies on users’ hard drives, while claiming to do the opposite on its Web site.

That little bit of doubletalk about Doubleclick was discovered by Stanford researcher Jonathan Mayer, who’s uncovered a number of privacy shenanigans by other firms as well. It was confirmed by researcher Ashkan Soltani, who was hired by the Wall Street Journal to suss out Mayer’s claims.

Essentially, Google fooled Safari into thinking that users were submitting a Web form, thus allowing third-party cookies to be deposited on their drives. If the user was logged in to Google, those cookies would be used to track them and deliver ads based on their Web activity – something Safari would normally block by default.

But let’s be clear about this: Google wasn’t sanctioned for violating users’ privacy. It was fined for saying one thing and doing another. The FTC has a broad mandate for shielding consumers against deceptive claims, but it has no authority to keep companies from acting like jerks. Had Google stated in some FAQ that it was deliberately bypassing Safari’s defaults to track users, the FTC would have little standing to take action.

The agency actually signaled its intent to fine Google a couple months ago; yesterday’s announcement signifies that Google said “Sure, we’ll pay that” instead of fighting. Why? Because in the grand scheme of things, $22.5 million is chump change to a company that pulled in nearly $38 billion last year. That works out to roughly five hours worth of income for the advertising behemoth.

The FTC could have fined Google much more – up to $16,000 per violation per day. Multiply that by the millions of Safari users and the months that Google cookies tracked these users against their will, and we’re talking serious money. But then Google probably would have fought it, and the FTC would have to exhaust its limited legal resources in fighting back. Now Google can pay what amounts to a parking ticket and move on without being forced to admit any wrongdoing. And the FTC gets to tell smaller ad firms that Big Fed is watching.

Naturally, this rubs some people the wrong way. The Competitive Enterprise Institute, a conservative think tank that opposes pretty much any form of government restriction on business, claims the FCC sanction “sends an ominous warning” that will “chill Internet innovation and hurt online startups.”

If by “Internet innovation” they mean “finding innovative ways to track users across the Internet against their will and then lying about it,” then I hope the CEI is correct. That’s exactly the kind of thing the FTC fine is supposed to chill. Because we’ve seen a lot of this sort of thing over the past three years, from ad networks creating Zombie Flash cookies to deliberately ignore Do Not Track cookies, to allegedly anonymous data collection that ends up capturing email addresses and other personal data, to Facebook’s sharing of your information with both third-party apps and advertisers in violation of its own privacy policies.

In almost every instance, those companies were caught in a lie by researchers or journalists and forced to recant after pressure from regulators. They didn’t tattle on themselves. So how can anyone possibly still argue that self regulation is working? Let’s hope it gets nice and chilly on the Internet for things like that.

The Google fine is more symbolic than anything. But it’s the right symbol at the right time.

Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

Now read this:

Facebook's 'man in the middle' attack on our data

Making Facebook private won't protect you

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon