Google tracks Safari web browser users despite do-not-track


In 2012 the US Consumer Watchdog advocacy group filed a complaint against Google alleging that the company had violated its 2011 consent decree with the US Federal Trade Commission in the case about Google Buzz. The complaint was based on February 2012 revelations that the site was failing to honour do-not-track settings in Apple's Safari web browser. The browser itself was set by default to refuse to accept third-party cookies, as these are often used to track users across the web. Google's privacy controls offered users of many other browsers the possibility of opting out of receiving these (the serve would place an "opt-out cookie" on the user's hard drive), but noted that Safari users need do nothing since their browser incorporated blocking by default. Stanford researcher Jonathan Mayer discovered, however, that Safari users were nonetheless being served with third-party cookies and targeted ads, and being tracked. Google explained that it used a loophole in Safari to trick the browser into identifying third-party cookies as local ones for the purpose of displaying +1 buttons on the Adsense ads it places around the web so it could identify the account  to which clicks should be linked. While Safari only had 6% of desktop users at the time, it represented more than half of all mobile browsing. 

The FTC charged that Google's misrepresentation in this case was a violation of the October 2011 settlement the agency had reached with the company in October 2011 over the launch of Google's Buzz social network. In August 2012, the FTC reached a settlement with Google, which agreed to pay $22.5 million, a record at the time. The order also required Google to disable all the tracking cookies it had said it would not place on users' computers. The company was subsequently paid $17 million in fines to 37 US states and the District of Columbia. 

In Europe, Google was already under investigation by data protection regulators in the UK, France, Germany, Italy, Spain, and the Netherlands for the company's 2011 consolidation of its privacy policies across all its services.

A group of UK users opened legal proceedings against the company; although it was eventually settled, the case, Vidal-Hall v. Google, established that UK citizens can force regulatory action and opened the ability to sue for non-economic damages.

Writer: Julia Angwin and Jennifer Valentino-DeVries, FTC, Charles Arthur, Pinsent Masons, Steve Peers

Publication: Wall Street Journal, FTC, Guardian, Out-Law, EU Law Analysis

Related learning resources
Target Profile