Google has reportedly agreed to pay a record $22.5 million fine to the Federal Trade Commission to settle charges that it violated a privacy consent decree it signed with the agency, the Wall Street Journal reported Monday.
Google, which signed a 20-year privacy agreement with the FTC following the ill-fated Google Buzz, was investigated for using a sneaky, but well-known, tactic to bypass the strong default cookie settings on Apple’s Safari browser. Google defended the practice, saying it was simply trying to put a +1 button on Google Ads that could be used by signed-in Google users.
The proposed fine – one of the largest ever levied by the FTC – won’t hurt Google’s bottom line – at least not in the short term – but it’s a major PR loss for the search giant, which is battling with regulators in the States and in Europe over its privacy practices and accusations that it abuses its near-monopoly on search.
As privacy violations go, the Safari cookie workaround was rather minor, but little missteps by Google give authorities a way to publicly punish the company and try to force the company to be much more deliberate about privacy. Facebook is under a similar 20-year decree after the FTC accused the company of a litany of more major privacy violations, including bait-and-switch promises about what information was private, making misleading promises about app security and not deleting user photos when a user closed a Facebook account.
That said, the consent decree Google signed did not prevent the company from making a radical change to its privacy practices and policies in March that laid the groundwork for Google to create the web’s most comprehensive – and potentially scary – online profiles of users. Google followed all the best practices – notifying users prominently – even annoyingly – for months about the change.
But we live in a country with an absence of any real privacy legislation that requires large companies, both online and offline, to abide by Fair Information Practices. Those require companies to tell you when and why they collect data, use the data only for the original purpose, allow you to opt-out, and let you see and correct the data collected about you. That’s how an Irish Facebook user was able to force the social networking giant to divulge all the info the company had stored about him.
So good on the FTC for smacking Google’s hands for reaching into the Safari cookie jar.
But until there’s a real privacy framework that governs not just Google and Facebook but also your credit card company and creepy data brokers, privacy actions by U.S. regulators amount to not much more than Occupy protestors wielding eye-catching over-sized puppets outside a greedy investment firm as a way to reform a rapacious financial system.
Which isn’t to say such tactics are useless — even Bloomberg’s news stories now routinely refer to the 1%, but it’s a circuitous tactic used by the largely powerless to try to reform the powerful.
Your privacy deserves better.