The settlement announced Monday stems from a technological loophole that enabled Google's DoubleClick advertising network to shadow unwitting Safari users, even though the browser's maker, Apple Inc., prohibited the tracking without obtaining a person's permission. By following what Safari users were doing online, DoubleClick could gain more insights about what types of ads were most likely to appeal to different Safari users.
This is the second time that authorities in the U.S. have cracked down on Google for its secret shadowing of Safari users from June 2011 through mid-February of last year. The Federal Trade Commission fined Google $22.5 million last year. It represented the largest penalty that the FTC had ever collected for a civil violation.
Google Inc. has maintained the Safari intrusion was an inadvertent side effect of an attempt to make it easier for people to recommend ads.
The Mountain View, California company disabled the surveillance coding, known as "cookies," in February 2012 after the violation of Safari's privacy policies was initially reported. Until the problem was uncovered by a graduate student at Stanford University, Google had assured Safari users that they wouldn't be monitored, as long as they didn't change the browser settings to permit the tracking.
"Misrepresenting that tracking will not occur, when that is not the case, is unacceptable, as this settlement emphasizes," Wisconsin Attorney General J.B. Van Hollen said.
Google isn't acknowledging any wrongdoing in the settlement. That's the same position that Google took when it paid the FTC fine last year.
"We work hard to get privacy right at Google and have taken steps to remove the ad cookies, which collected no personal information, from Apple's browsers," the company said in a Monday statement. "We're pleased to have worked with the state attorneys general to reach this agreement."
The settlement will be divided among the participating states and the District of Columbia.
The rebuke from the states is primarily a public relations blow to Google, whose privacy controls have suffered other lapses in recent years. In perhaps the most glaring privacy breach, a Google engineer installed a program that enabled company cars taking pictures of street scenes to scoop up personal data being transmitted over unprotected Wi-Fi networks. The company also exposed the contact lists of Gmail users in 2010 when it launched a now-defunct social networking service called Buzz.
The settlement won't put much of a dent in Google's finances. After stripping out the company's advertising commissions, Google's revenue this year is expected to be about $47 billion, according to analysts surveyed by FactSet. According to that estimate, it would take Google slightly more than three hours to generate $17 million in revenue on an average day.
Besides paying the fine, Google also is agreeing to maintain a special page devoted to cookies for the next five years and refrain making any misleading statements about its online tracking practices.