Yesterday, the Federal Trade Commission announced that it approved a settlement requiring Google to pay $22.5 million for bypassing the security settings of millions of customers using the Apple’s Safari web and mobile browser, but admit no liability. The penalty roughly amounts to five hours of 2011 revenues for the search giant, according to the Wall Street Journal, despite being the single largest fine to an individual corporation in F.T.C. history.
The penalty comes six months after Google and other advertisers were discovered exploiting a Safari loophole that allowed it to monitor web behavior if a user interacts with a page, regardless of permission settings.
This is not the first time that Google’s forays into social media have been investigated by the FTC — it also settled over Google Buzz violations in 2011 — and privacy missteps have plagued the search giant across the board in recent years. Last month, it was reported that Google failed to delete street view data in France, resurrecting yet another privacy violation scandal, this one about private data collected by scraping unencrypted WiFi networks by Street View vehicles.
Commentators have noted the minimal financial scale of the F.T.C. penalty in comparison to Google revenues — some citing the potential public relations fallout as a greater threat to the business. It’s no real surprise regulatory action was minimal: Congressional Research Service reports call current privacy protections a “patchwork” policy, with Wired and ProPublica decrying the privacy watchdog as “toothless” in June.
The lack of serious enforcement has led to a market where privacy violations and F.T.C action is par for the course. The F.T.C. settled investigations into other high profile online brands including Facebook and Twitter in 2011.
The visibility of online privacy issues has become more prominent in recent years despite this enforcement gap. The Pew Internet and American Life Project reported as far back as 2008 “68% of cloud users are very concerned about targeted ads based on online behavior.” January’s SOPA blackouts demonstrated the commitment of online news and advocacy communities to online privacy, and their ability to organize an effective grassroots lobbying campaign.