Miller joins $17 million settlement with 37 state attorneys general for circumventing Safari browser privacy settings
(DES MOINES, Iowa) Search engine giant Google Inc. today agreed to stop overriding certain user privacy settings and will pay the state more than $275,000, as part of a $17 million settlement with Iowa and 36 other state attorneys general.
The settlement concerns Google’s handling of data files, called “cookies,” which track a user’s internet activity, on certain Safari Web browsers, developed by Apple Inc., during 2011 and 2012.
Google had been offering consumers the ability to opt out of having third-party advertising cookies set on their browsers through installing an advertising cookie opt-out plugin.
“Google claimed that Safari users didn’t have to do a thing to maintain their browsing privacy, and that wasn’t the case,” Attorney General Tom Miller said. “Google collected Safari users’ internet activity. Consumers didn’t know it and certainly didn’t approve it.”
State AGs: Google Misled Consumers about Blocking Third-Party Cookies in Safari
On its Web page describing the opt-out plugin, Google represented to consumers using the Safari Web browser that “Safari is set by default to block all third-party cookies. If you have not changed those settings, this option effectively accomplishes the same thing as setting the opt-out cookie.”
This statement was misleading to Safari users because it suggested that they would not receive third-party cookies, although subsequent to the inclusion of this statement, Google took active steps to circumvent Safari’s default settings for the purpose of setting third-party cookies. By circumventing Safari’s default settings, Google placed cookies on the computers of Safari users without the consumers’ knowledge or consent.
Google Deploys Cookies, Gathers Consumer Information through “DoubleClick”
Google operates the most popular search engine on the Internet and generates revenue primarily through advertising. Through its “DoubleClick” advertising platform, Google deploys third-party cookies that enable it to gather information about those consumers, including, depending on the type of cookie, their Web surfing habits.
Google Altered Coding to Circumvent Consumer Privacy Settings
By default, Apple’s Safari Web browser is set to block third-party cookies, including cookies set by DoubleClick to track a consumer’s browsing history. From June 1, 2011 until February 15, 2012, Google altered its DoubleClick coding to circumvent those default privacy settings on Safari, without consumers’ knowledge or consent, enabling it to set DoubleClick cookies on consumers’ Safari Web browsers. Google disabled this coding method in February 2012 after the practice was widely reported on the Internet and in media.
The attorneys general allege that Google’s circumvention of the default privacy settings in Safari for blocking third-party cookies violates State consumer protection and related computer privacy laws. The states claim that Google failed to inform Safari users that it was circumventing their privacy settings and that Google’s earlier representation that third-party cookies were blocked for Safari users was misleading.
To resolve these allegations, Google has agreed to pay the states $17 million, including $275,629 to Iowa, for the state’s consumer education and litigation fund. Google has also agreed to the following:
- Not deploy the type of code used here to override a browser’s cookie blocking settings without the consumer’s consent unless it is necessary to do so in order to detect, prevent or otherwise address fraud, security or technical issues.
- Not misrepresent or omit material information to consumers about how they can use any particular Google product, service, or tool to directly manage how Google serves advertisements to their browsers.
- Improve the information it provides to consumers regarding cookies, their purposes, and how they can be managed by consumers using Google’s products or services and tools.
- Maintain systems designed to ensure the expiration of the third-party cookies set on Safari Web browsers while their default settings had been circumvented.