AG Gansler Announces $17 Million Multistate Settlement with Google over Tracking of Consumers
Internet giant to pay Maryland penalty of more than $1 million
Baltimore, MD (Nov. 18, 2013) - Attorney General Douglas F. Gansler announced today that Maryland, joined by 36 states and the District of Columbia, has entered into a settlement with Google Inc., concerning its setting of cookies on certain Safari web browsers during 2011 and 2012. The $17 million settlement requires Google to change its privacy practices and to pay Maryland, which led the multistate investigation, more than $1 million as a civil penalty.
"Given the many, often undetectable ways personal information can be collected and shared online, consumers need to be able to trust that their privacy preferences will be honored," said Attorney General Gansler. "Internet companies must keep their privacy promises so that consumers can navigate the Internet on their own terms."
Google operates the most popular search engine on the Internet. Use of the search engine is free, so Google generates revenue primarily through advertising. Through its DoubleClick advertising platform, Google sets third-party cookies - small files set in consumers' web browsers - that enable it to gather information about those consumers, including, depending on the type of cookie, their Internet surfing habits. Apple's Safari web browser is set by default to block third-party cookies, including cookies set by DoubleClick to track a consumer's browsing history.
From June 1, 2011 until February 15, 2012, Google altered its DoubleClick coding to circumvent those default privacy settings on Safari, without consumers' knowledge or consent, enabling it to set DoubleClick cookies on consumers' Safari browsers. Google disabled this coding method in February 2012 after the practice was widely reported.
Google had been offering consumers the ability to opt out of having third-party advertising cookies set on their browsers by installing an advertising cookie opt-out plugin. On its Web page describing that opt-out plugin, Google represented to Safari users that "Safari is set by default to block all third-party cookies. If you have not changed those settings, this option effectively accomplishes the same thing as setting the opt-out cookie." This statement was misleading to Safari users because it suggested that they would not receive third-party cookies, although subsequent to the inclusion of this statement, Google took active steps to circumvent Safari's default settings for the purpose of setting third-party cookies without the consumers' knowledge or consent.
The Attorneys General alleged that Google's circumvention of the default privacy settings in Safari for blocking third-party cookies violated state consumer protection and related computer privacy laws. The states claimed that Google failed to inform Safari users that it was circumventing their privacy settings and that Google's earlier representation that third-party cookies were blocked for Safari users was misleading.
In order to resolve these allegations, Google has agreed to pay the Attorneys General $17 million and has also agreed to injunctive relief that requires it to do the following:
- Not deploy the type of code used here to override a browser's cookie blocking settings without the consumer's consent, unless it is necessary to do so in order to detect, prevent or otherwise address fraud, security or technical issues.
- Not misrepresent or omit material information to consumers about how they can use any particular Google product, service or tool to directly manage how Google serves advertisements to their browsers.
- Improve the information it provides to consumers regarding cookies, their purposes, and how they can be managed by consumers using Google's products or services and tools.
- Maintain systems designed to ensure the expiration of the third-party cookies set on Safari Web browsers while their default settings had been circumvented.