In February, the Wall Street Journal reported on new research by Stanford researcher Jonathan Mayer that shows four companies seek to circumvent consumers’ privacy settings in Apple’s browser, Safari. The four companies are: Google, Vibrant Media, Media Innovation Group and PointRoll. Google said the circumvention was a mistake and it has disabled the code, but there was (pdf) public criticism, including a complaint (pdf) filed with the Federal Trade Commission. Questions were raised about whether the Safari circumvention meant that Google had violated a settlement it made with the FTC last year over Google’s Buzz product. The Internet services giant agreed to a comprehensive privacy program to settle charges (pdf) it “used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz.
A couple of days ago, the Federal Communications Commission decided (agency pdf; archive pdf) that it will not take enforcement action against Google over its Street View scandal — the company admitted in 2010 that its Street View program had collected data — without individuals’ knowledge or consent — including entire e-mails and passwords. However, the FCC did fine Google $25,000 for impeding the agency’s investigation. In October 2010, the Federal Trade Commission announced that (pdf) it had closed an investigation into possible privacy breaches by Google’s Street View after the company pledged to stop gathering consumers’ e-mail, passwords and other personal data.
Now, the San Jose Mercury News reports on updates in the FTC investigation into Google’s circumvention of the Safari Web browser’s privacy settings. The FTC investigation could lead to a fine that would significantly dwarf the one that Google just received from the FCC. The newspaper reports:
The Federal Trade Commission is deep into an investigation of Google’s actions in bypassing the default privacy settings of Apple’s (AAPL) Safari browser for Google users, according to sources familiar with ongoing negotiations between the company and the government.
Within the next 30 days, the FTC could order the Mountain View search giant to pay an even larger fine in the Safari case than the penalty the Federal Communications Commission hit Google with Friday, say the sources, who spoke on condition of anonymity. […]
The FTC investigation focuses on whether Google violated the terms of an existing settlement involving privacy problems with its ill-fated “Buzz” social network in 2010, and could carry sanctions as large as $16,000 per violation per day, adding up to a penalty that could dwarf the fine imposed by the FCC. […]
[T]he main threat for Google is that the FTC is investigating the Safari matter as the violation of an existing consent decree that resulted from alleged previous privacy violations, which gives the agency the resources to unleash a division of lawyers who enforce existing orders.
That is allowing the FTC to move much more quickly in the Safari case than it could in a stand-alone complaint about deceptive trade practices. As part of its agreement signed last year with the FTC following the Buzz incident, Google agreed to undergo 20 years of outside reviews of its privacy policies and promised not to misrepresent its privacy practices to consumers. Google did not acknowledge breaking the law by agreeing to the Buzz consent decree and did not pay a fine.
While Google would have the ability to contest any FTC fine in federal court, the financial sanctions in the Safari case could be sizeable, particularly if the FTC were to define “a violation” as each person affected. The government is trying to determine just how many people were affected by the Safari breach, and people familiar with the case say it could easily run into the millions of iPhone, iPad and Mac users.