August 12, 2012

Internet Privacy Policy Mistake Costs Google $22.5 Million

The Federal Trade Commission has announced that Google has settled claims brought by the agency arising from allegations its privacy policy falsely informed users of Apple’s Safari internet browser that it would not use cookies to track those users (and their activity) or serve targeted ads to those users.  Google agreed to a record $22.5 million civil penalty to settle the claim, a record for this type of violation. 

Google was already under restrictions arising from a settlement with the FTC over practices employed by its now-defunct social network, Google Buzz.  (I've mentioned that settlement, which cost Google a reported $8.5 million, here and here.)

Jon Leibowitz, Chairman of the FTC, commented on the Google settlement:  “No matter how big or small, all companies must...keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”

The message from the FTC is clear: Internet privacy policies and procedures are right in the agency's crosshairs.  Any company with a website should have a carefully-drafted website privacy policy that accurately describes the company's privacy-related practices.  A "form" policy that does not accurately describe what the company is actually doing with users' information is the best way to attract the attention of the FTC, state regulators and plaintiffs' class action lawyers.

You can read the FTC's press release here, the Complaint here, and the Order here.

Google has not yet issued any statement on its privacy policy blog.