Search giant Google is to pay $17 million to settle a dispute with 37 American states and the District of Columbia after it bypassed Safari browser privacy settings to place ad cookies.
Under the settlement, announced Monday, Google pledged not to use any code capable of overriding browser settings without user consent, unless for security, fraud or technical issues, and to work on raising consumer awareness about how cookies work.
Cookies are small chunks of code stored by a computer to keep track of browsing habits, for instance to keep you logged into various websites between sessions. Internet advertising companies, including Google, rely heavily on cookies to deliver targeted ads, which depend on what kind of websites users visit.
Apple's Safari browser by default blocks third-party cookies, but Google used a way to bypass the restriction. Between June 2011 and February 2012 it used specially-coded cookies that tricked Safari on desktops and mobile devices into storing them, despite privacy settings.
After a Wall Street Journal report on the practice, Google removed the cookies and explained that the violation of privacy settings was due to a bug in the browser itself, while Google's intention was to give access to customers logged into Google's services to use them at third-party sites.
“Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as 'Like' buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content – such as the ability to '+1' things that interest them,” Rachel Whetstone, senior vice-president for communications and public policy at Google, said at the time.
Google said that their using the exploit didn't involve any collection of users’ private data. But the search engine agreed to pay for what the court called a violation of Safari users' rights.
"Consumers should be able to know whether there are other eyes surfing the web with them," New York Attorney General Eric Schneiderman said about the settlement. "By tracking millions of people without their knowledge, Google violated not only their privacy, but also their trust."
In August 2012, Google agreed to settle a similar investigation by the U.S. Federal Trade Commission. It paid a $22 million fine on that occasion.
Violation of privacy does not merit compensation to those whose privacy was violated, a Delaware judge ruled last month, as he dismissing a class-action lawsuit against Google. Judge Sue Robinson said the plaintiffs had failed to prove that collection of their browsing data caused any tangible harm.
The conflict is part of a larger debate between privacy advocates and tech firms relying on tracking Internet users for their business models. Proponents of various “do not track” policies say business access to personal information is overreaching and should be curbed to protect people, while their opponents say such policies hurt innovation and even threaten Internet environment, where many free services are funded by advertising money.