Vote in our poll: is Google’s fine of $22.5 million enough to buy privacy?

Google fined $22.5 million for not living up to its privacy promises

An apparently unrepentant Google has agreed to cough up $22.5 million to the US Federal Trade Commission (FTC) to dispose of charges that it “misrepresented privacy assurances to users of Apple’s Safari browser.”

As with my previous story about Google and its WiFi trawling, we need a timeline summary to keep track (no pun intended) of what’s been going on here:

* In February 2010, Google launched Buzz, a social networking application for Gmail.

The launch drew the ire of of those concerned about privacy, and a class action lawsuit arose alleging that Google “automatically enrolled Gmail users in Buzz, and that Buzz publicly exposed data, including users’ most frequent Gmail contacts, without enough user consent.”

* In November 2010, Google paid $8.5 million to settle the class action.

As we reported back then, Google didn’t pay out nickels-and-dimes to each offended individual in the class action, but agreed to put the lump sum “into an independent fund to “support organisations promoting privacy education and policy on the web.”

* In March 2011, Google apologised to Buzz users and settled with the FTC.

The settlement included an agreement by Google to implement a comprehensive privacy program that includes privacy and data protection audits by an independent third party every two years for the next 20 years. Google’s apology certainly sounded pretty straight-from-the-hip, telling you that:

User trust really matters to Google. That's why we try to be clear about what data we collect and how we use it — and to give people real control over the information they share with us.

* In December 2011, the FTC busted Google using sneaky web coding to bypass Safari’s cookie policy.

Briefly explained in a neat technical posting from the FTC itself, Google overrode Safari’s cookie controls to bypass the browser’s regular behaviour of blocking so-called third party cookies. (That’s a cookie which is set by a site other than the original one you visited.)

Google achieved this by creating an invisible HTML form and then using JavaScript to pretend that the user had submitted it. This caused Safari to process the third-party page, and, by extension, its cookies, at the same trust level as the first-party page. The FTC understandably considered this dubious, not least because the HTML form had neither content nor a Submit button.

So much for giving people “real control over the information they share with us.”

* In August 2012, Google agreed to pay $22.5 million to the FTC.

The FTC’s argument against Google was simple: the company hadn’t lived up to the privacy promises it made to its consumers.

And there you have it. What more to say?

Google will cough up $22.5 million for putting sneaky code into its web pages, even after agreeing that it would get comprehensive about privacy.

Nevertheless, according to reports, Google’s public response seems unrepentant – or at least unapologetic – and comes close to dismissing the issue as old, tired and unimportant. The BBC, for example, quotes a Google spokesman as saying: “The FTC is focused on a 2009 help centre page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy.”

Optimistically, the BBC goes on to report the comments of Nick Pickles, director of privacy campaign group Big Brother Watch:

The size of the fine in this case should deter any company from seeking to exploit underhand means of tracking consumers. It is essential that anyone who seeks to over-ride consumer choices about sharing their data is held to account.

To be sure, $22.5 million is a lot of money.

But Google already forked out $500 million in August 2011 for helping illegal vendors of pharmaceuticals to place ads on its servers. Not just for taking the scammers’ money, you understand, but for helping these “customers” to bypass the controls Google had already put in place to prevent the abuse.

So…is the money enough? Or is Google just treating the penalty as part of its cost of doing business?

Have your say in our poll.