$22.5 Millon Google Fine for Privacy Breach Made Public By FTC
Added by Doug Bonderud on Jul 18, 2012
Google's had its share of run-ins with the Federal Trade Commission (FTC) over privacy breaches, including the much-publicized Wi-Fi spying debacle a few years ago. Although the company has since signed a 20-year decree pledging that it won't mislead consumers about its privacy practices (with each violation subject to a $16,000 per day charge), it has now received a $22.5 million slap on the wrist for violating Safari browser Do Not Track settings. While the Google fine won't exactly hurt their almost $40 billion a year bottom line, it appears designed as a message to other, not-so-massive providers: The FTC is watching.
Ignorance is Bli$$
A recent article at The Telegraph discusses the FTC fine and Google's culpability--essentially, they're pleading ignorance, claiming the bypass of Do Not Track settings in Safari was done "inadvertently." This is the same claim they made when news of Wi-Fi-Spy broke, but it was quickly determined that the downloading of data was deliberate, not accidental. Google is now dealing with a broad range of challenges relating to regulations thanks to its dominant position in the market, with concerns rising that it is deliberately stifling competition.
In a statement released July 10, Google said "we do set the highest standards of privacy and security for our users," and stated that any information collected by tracking technology in Safari wasn't personal in nature. While that sounds reassuring, it gets less so once you know about the Stanford University study that found Google overrode existing Safari protocols, despite assurances to users that they didn't need to take any extra steps to avoid being tracked on their iDevices. This is a clear warning for IT admins--don't take anything for granted, especially if it comes from a provider's mouth. While it's simpler to assume that large companies will abide by their own transparent security policies, it's apparent that they're not above using the "we didn't know" strategy to deflect blame.
And even if the company was somehow ignorant of this particular breach, that doesn't remove their responsibility--just as with traffic or criminal law, ignorance is no excuse. It's hardly a surprise, then, that the FTC is looking to make an example of Google with the highest fine they've ever levied. But is it enough?
In an InfoWorld article, author Robert X. Cringely compares the $22.5 million Google's being forced to pony up (with no admission of fault) to a parking ticket. That's because the FTC fine represents only 0.0006 of the company's 2011 revenue and if we reduce the numbers, comes out to $60 on a $100,000 per year salary. On paper more than $20 million dollars looks huge, but to a company like Google the FTC and its financial sanctions are a mosquito buzzing around its ears. Theoretically, the FTC could have stepped up and fined the search giant $16,000 per violation per day for a total of $192 billion every day, and, although that kind of knockout punch would never see the light of day, it would certainly get Google's attention.
Cringley also makes an interesting reference to Joseph Stalin (playing the role of Google in this example) who, when referencing the power of the Pope, noted he "lacked tanks." Here, the issue isn't so much that the FTC doesn't have tanks but that they won't get the kind of support they need to put them into the field. Sure, the FTC could hand out a huge fine but because of Google's increasing impact on the American tech economy, they wouldn't find support from other levels of government and any "tanks" they put into the field would quickly stop getting resupplied. As a result, the $22.5 million starts to make a certain kind of sense; the Google fine is the biggest ever levied and should serve to scare off other companies out there using grey-hat tracking technology.
IT admins at midsize businesses won't be able to avoid services offered by Google or other large industry players, especially as more employees start to use their own devices at work and aren't interested in complying with IT practices. That Google continues to act as it wants instead of as it's obligated to means a need for renewed diligence on the part of IT pros--software, servers and cloud solutions that seem squeaky clean can't be taken at face value.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.