Why states are the big winner in the $17 million Google-Safari settlement


(EPA/BORIS ROESSLER)

On Monday, Google agreed to pay 37 states to settle charges that in 2011 and 2012 it had ignored a key privacy feature embedded in Apple's Safari browser. As part of the deal, Google — while not admitting fault — has also vowed to stop using the code that lets it circumvent the controls. It's a significant victory for consumers, but it's an even bigger deal for the states — some of which have already taken the lead on privacy legislation and, if this case is any indication, may become even more active in privacy litigation.

To understand why that's significant, let's look at how Google settled those same allegations at the federal level. While the outcome was the same, the government's methods were different.

The Federal Trade Commission won a $22.5 million settlement from Google last year. At issue was Safari's use of the third-party cookie blocker, a feature that prevents marketers from tracking your online activity. Unlike other browsers, Safari had enabled the blocker by default, making it much harder for advertisers to track Safari users generally. Google allegedly used a bit of code to override the feature on purpose, despite operating a separate Web page that told Safari users they could trust the privacy feature to work.

That violated a previous legal agreement between Google and the FTC barring Google from making "misrepresentations" about privacy, the government argued.

"The FTC concluded that they didn't go into whether Google broke the law, because they got them on breaking the consent agreement that was in place from the Buzz debacle," says John Simpson, the privacy project director for Consumer Watchdog.

Had it sued Google for deceptive business practices and won, the FTC would have sent a strong signal that professing to protect users' privacy on the one hand while ignoring technical anti-tracking solutions on the other might invite federal scrutiny. As it happened, the FTC won a relatively narrow victory that depended on Google's unique history with the agency.

But while the FTC seemed more cautious about the alleged Safari violation, states have shown no such restraint.

"If you're actively hacking around the privacy settings," said Simpson, "there still is a good likelihood there's a state law being violated."

The states involved in Monday's settlement broadly alleged that Google had indeed broken state consumer protection and computer privacy laws in addition to the consent agreement arguments put forth by the FTC. Washington state specifically claimed that Google had violated the Washington State Consumer Protection Act.

According to Jonathan Mayer, the privacy researcher at Stanford who first reported Google's alleged circumvention methods, states enjoy wider freedom than the federal government to bring a consumer protection case, to compel discovery and to impose monetary fines. Given a demonstrated willingness to accuse Google of breaking the law, it's reasonable to think that states might apply the same logic to other companies, too.

"The state attorneys general have both the inclination and the legal latitude … to be vigorous enforcers on consumer privacy," said Mayer. "Where the FTC can't act, we now have evidence that the state AGs might."

Brian Fung covers technology for The Washington Post, focusing on telecommunications and the Internet. Before joining the Post, he was the technology correspondent for National Journal and an associate editor at the Atlantic.

business/technology

the-switch

Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Comments
Show Comments
Most Read Business

business/technology

the-switch

Success! Check your inbox for details.

See all newsletters

Next Story
Brian Fung · November 19, 2013

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.