WASHINGTON – Google has agreed to a $17 million settlement with Maryland, Virginia, D.C. and 34 other states, and has agreed to change some of its privacy practices.
Through its DoubleClick advertising platform, Google sets third-party cookies — small files set in consumers’ web browsers — that enable it to gather information about those consumers, including, depending on the type of cookie, their Internet surfing habits.
Apple’s Safari web browser is set by default to block third-party cookies, including cookies set by DoubleClick to track a consumer’s browsing history.
From June 1, 2011 until Feb. 15, 2012, Google altered its DoubleClick coding to circumvent those default privacy settings on Safari, without consumers’ knowledge or consent, enabling it to set DoubleClick cookies on consumers’ Safari browsers. Google disabled this coding method in February 2012 after the practice was widely reported.
“Given the many, often undetectable ways personal information can be collected and shared online, consumers need to be able to trust that their privacy preferences will be honored,” said Gansler.
“Internet companies must keep their privacy promises so that consumers can navigate the Internet on their own terms.”
Google had been offering consumers the ability to opt out of having third-party advertising cookies set on their browsers by installing an advertising cookie opt- out plugin. On its Web page describing that opt-out plugin, Google represented to Safari users that “Safari is set by default to block all third-party cookies. If you have not changed those settings, this option effectively accomplishes the same thing as setting the opt-out cookie.”
According to Gansler, this statement was misleading to Safari users because it suggested that they would not receive third-party cookies, although subsequent to the inclusion of this statement, Google took active steps to circumvent Safari’s default settings for the purpose of setting third-party cookies without the consumers’ knowledge or consent.
The Attorneys General alleged that Google’s circumvention of the default privacy settings in Safari for blocking third-party cookies violated state consumer protection and related computer privacy laws.
The states claimed that Google failed to inform Safari users that it was circumventing their privacy settings and that Google’s earlier representation that third-party cookies were blocked for Safari users was misleading.
Gansler says Google has agreed to pay the Attorneys General $17 million and also has agreed to injunctive relief that requires it to do the following:
Not deploy the type of code used here to override a browser’s cookie blocking settings without the consumer’s consent, unless it is necessary to do so in order to detect, prevent or otherwise address fraud, security or technical issues.
Not misrepresent or omit material information to consumers about how they can use any particular Google product, service or tool to directly manage how Google serves advertisements to their browsers.
Improve the information it provides to consumers regarding cookies, their purposes, and how they can be managed by consumers using Google’s products or services and tools.
Maintain systems designed to ensure the expiration of the third-party cookies set on Safari Web browsers while their default settings had been circumvented.
A Google spokesperson tells WTOP: “We work hard to get privacy right at Google and have taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers. We’re pleased to have worked with the state attorneys general to reach this agreement.”