Google's alleged circumvention of do-not-track controls on Apple's Safari browser could lead to big fines from the U.S. Federal Trade Commission if the agency determines Google has violated a privacy settlement the company agreed to in March, some privacy advocates said Friday.
Violations of a settlement with the FTC can lead to fines of $11,000 per incident. It's unclear how many times Google may have circumvented do-not-track protections on the Safari browser, distributed with iPhones, iPads, some iPods and Macintosh computers.
Google was "incredibly stupid" to slip tracking cookies into Safari, given that the company is under scrutiny by the FTC and privacy advocates, said Justin Brookman, director of consumer privacy at the Center for Democracy and Technology. "I'd be very surprised if there was not some type of FTC action."
An FTC spokeswoman said the agency was aware of the allegations, but could not comment beyond that.
On Friday, Stanford University graduate student Jonathan Mayer published information about Google and three other companies defeating Safari's do-not-track protections.
Google said it did not intentionally install tracking cookies. "We used known Safari functionality to provide features that signed-in Google users had enabled," Rachel Whetstone, Google senior vice president for communications and public policy, said in a statement. "It's important to stress that these advertising cookies do not collect personal information."
Google designed a link between its servers and Safari browsers that allowed Google to collect anonymous information about users, Whetstone said.
"However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser," she added. "We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers."
Even if Google installed tracking cookies inadvertently, that could lead to problems with the FTC, Brookman said. "Technological work-arounds to evade browser privacy settings are unacceptable," he added.
Consumer Watchdog, a privacy advocate that has been critical of Google, called on the FTC to investigate the company for unfair and deceptive business practices.
"They have been lying about how people can protect their privacy in their instructions about how to opt out of receiving targeted advertising," said John Simpson, the group's privacy project director. "Consumer Watchdog has asked the FTC to act because this clearly violates Google's consent agreement with the commission."
The incident also shows the need for the U.S. Congress to pass do-not-track legislation, Simpson added.
Google has shown a history of disregarding privacy concerns, with its Street View cars snooping on Wi-Fi networks, its sharing personal information on its ill-fated Buzz social networking service, and now this, added Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy group.
"In its rush to gather more data on users to boost its marketing revenues, and fight off competition from Facebook, Google has sidelined the privacy implications," he said. "There's a pattern in Google behavior that reveals a company in hot pursuit of a user's data."
Chester rejected Google's explanation that it wasn't collecting personal data from Safari users. "They know very well that such behavioral targeting cookies are tied to unique individuals and reveal important personal information," he said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.