Attorney General Jack Conway has joined the attorneys general of 36 states and the District of Columbia in announcing a $17 million settlement with Google Inc. over misleading representations regarding web browsing privacy while using certain Safari web browsers during 2011 and 2012. Kentucky will receive more than $305,000 under the settlement.
"This Assurance of Voluntary Compliance will help consumers and Internet users to better protect their online privacy," General Conway said. "This settlement will require that they be accurately informed about how their personal information may be collected by cookies, and it will provide an additional resource for understanding how to set up their browser privacy settings."
Google generates revenue primarily through advertising. Through its DoubleClick advertising platform, Google sets third-party cookies - small files set in consumers’ web browsers - that enable it to gather information about those consumers, which could include their web surfing habits. Apple’s Safari web browser is set by default to block third-party cookies, including cookies set by DoubleClick to track a consumer’s browsing history.
Google had been offering consumers the ability to opt out of having third-party advertising cookies set on their browsers through installing an advertising cookie opt-out plugin. On its web page describing that plugin, Google represented to Safari users that "Safari is set by default to block all third-party cookies. If you have not changed those settings, this option effectively accomplishes the same thing as setting the opt-out cookie." This statement was misleading to Safari users because it suggested that they would not receive third-party cookies, although Google later took active steps to circumvent Safari’s default settings for the purpose of setting third-party cookies.
From June 1, 2011 until Feb. 15, 2012, Google altered its DoubleClick coding to circumvent default privacy settings on Safari, without consumers’ knowledge or consent, enabling it to set DoubleClick cookies on consumers’ Safari web browsers. Google disabled this coding method in Feb. 2012 after the practice was widely reported on the Internet and in media.
The states claim that Google’s circumvention of the default privacy settings in Safari and failure to inform Safari users that it was circumventing their privacy settings, in light of its earlier representation that third-party cookies were blocked for Safari users, was misleading and violated state consumer protection and related computer privacy laws. To resolve these allegations, Google has agreed to pay the attorneys general $17 million and agreed to injunctive relief that requires it to:
- Not deploy the type of code used here to override a browser’s cookie blocking settings without the consumer’s consent unless it is necessary to do so in order to detect, prevent or otherwise address fraud, security or technical issues.
- Not misrepresent or omit material information to consumers about how they can use any particular Google product, service, or tool to directly manage how Google serves advertisements to their browsers.
- Improve the information it provides to consumers regarding cookies, their purposes, and how consumers can manage them using Google’s products or services and tools.
- Maintain systems designed to ensure the expiration of the third-party cookies set on Safari web browsers while their default settings had been circumvented.
General Conway’s Office of Consumer Protection participated in the investigation of this case.