Five months after the first news that Google circumvented users’ cookie settings in Apple’s mobile and desktop Safari web browsers, it looks like the company is close to settling the matter with the FTC for $22.5 million. According to The Wall Street Journal, there is a good chance that the penalty will be the largest the Commission has ever levied on a single company.
Google has maintained that users want the behavior
By default, Safari only accepts cookies from sites that users have actually visited, or from things that the user clicks, like ads. In this default state, advertisers can't leave cookies on users’ devices, so in order to get around the behavior, Google used some sneaky code to submit blank forms to its ad network, DoubleClick. These transmissions — of blank forms from users’ browsers — signaled that they were interacting with DoubleClick, telling Safari to allow its cookies; ostensibly to provide Google+ users with otherwise-barred +1 button functionality. Google has insisted that users signed into the social platform want the behavior, but unfortunately, setting the initial cookie green lights others coming from DoubleClick, including the "id" cookie that tracks users’ activity across multiple websites. This is precisely the kind of code that the Safari setting is designed to block, hence the uproar.
The Journal says that the settlement hasn’t been finalized, and still needs to be approved by FTC commissioners, but that both the FTC and Google have agreed to the fine. While the $22.5 million settlement might sound like a decent sum of cash, the paper calculates that last year the search giant made that much in revenue every 5 hours. This is obviously not the first time that Google has gotten into hot water by taking liberties with its users' privacy; the company is facing renewed investigations in the UK and elsewhere for its Street View data collection misadventures.