You are here

Why FTC's $22.5m Google Privacy-Fine is Faux Accountability

If one fact-checks and puts in perspective the FTC's expected $22.5m privacy fine of Google -- for bypassing millions of Apple Safari users' privacy and security settings to add a tracking cookie to track users browsing activity -- it looks like faux FTC accountability of Google. Close scrutiny of the FTC's oversight record of Google's exceptionally bad consumer record and very long privacy rap sheet suggests that Google could have little to fear from the FTC on pending privacy or antitrust enforcement going forward, despite PR and optics to the contrary. Unfortunately, the evidence to date indicates the FTC's enforcement oversight of Google has had minimal accountability or deterrent effect on Google's behavior.

To be fair to the FTC, the FTC does not have all the legal authority it needs to fully address the Google privacy enforcement problem, but that being acknowledged, many poor FTC decisions have further self-limited the FTC's ability to confront the exceptional Google enforcement problem.

I. Google appears to enjoy faux FTC Accountability.

Simply, is this expected $22.5m fine likely to deter future Google privacy violations? Deter future Google misrepresentation? Or ensure Google respects users' privacy? Sadly the answer is no if reports about the FTC-Google fine and settlement are true, and one considers the large body of evidence below.

First, this ballyhooed "record" FTC fine is of no material financial consequence to Google. $22.5m is 8 hours of Google's gross profit or .05% of Google cash reserves. If Google were a person making $50,000 a year, the equivalent fine would be $25.

Second, the "record" moniker for this fine is deceiving. The reported second largest FTC fine, $18.8m in 2010 for a New Jersey telemarketer's violation of the terms of a 1998 FTC enforcement order was a real and serious fine, representing not a miniscule fraction of, but most all of the company's assets, including seizure of most all of the principals' personal financial assets, homes, cars etc. That enforcement action also banned the principals from the business. That previously record FTC fine and penalty for the serious offense of violating an FTC enforcement order, reeked of deterrent value and true accountability.

Third, the FTC has the authority under the FTC-Google-Buzz enforcement order to fine Google $16,000 per violation and Google's hack of Apple's privacy and security settings on its Safari browser installed in tens of millions of U.S. consumers with iPhones, iPads and Apple computers. That means that the FTC fine is much less than $1 per consumer violated, or ~.006% of the potential fine per violation. That's not a slap on the wrist, but a barely perceptible touch on Google's proverbial wrist.

Fourth, per the New York Times, "Google will not claim liability for the privacy violations" in this enforcement action. That is similar to the original FTC-Google Buzz settlement that is purportedly being enforced: "Google didn't admit wrongdoing in [that] settlement" either per the WSJ. This sends a terrible message to the public, because the FTC is allowing Google to dodge public responsibility for its actions and boast it has done nothing wrong. This is eerily consistent with Google's public claim that it was exonerated of any lawbreaking when it agreed to pay a $25k fine for impeding an FCC investigation of whether or not Google illegally wiretapped tens of millions of Americans' homes in the StreetView WiSpy affair.

This cavalier attitude signals to the public that in Google's eyes, these were not legitimate or deserved enforcement penalties for Google wrongdoing, but just expedient settlements of nuisance suits with just enough money to make them go away. Google's response is in stark contrast to many other enforcement actions, where a company's leadership issues a public statement admitting wrongdoing, acknowledging it was unacceptable behavior, and pledging that it won't happen again.

The FTC, in allowing Google to evade acknowledgement of public responsibility for its FTC-sanctioned behavior in the Google-Buzz settlement and in this Google-Safari-Hack settlement, has given Google a huge FTC concession and gift. That's because the FTC action effectively provides no ancillary legal benefit to consumers suing Google for redress in private lawsuits or to the State Attorneys General potential enforcement actions against Google to protect consumers. It also allows Google to avoid risk to its ability to apply for Federal Government contracts.

These huge concessions and apparent special dispensation to Google confer potential monetary business savings to Google many times in excess of the $22.5m fine over time. In other words, not only was the FTC fine and penalty meager and of little deterrent value, the FTC's settlements effectively and proactively limit the normal ancillary financial and business consequences to Google of its lawbreaking.

Fifth, in not having to take public responsibility for its violation of tens of millions of American Apple Safari users, Google can deploy its legendary public relations to advance a public narrative that Google did nothing wrong here in order to minimize any consumer distrust that would result if they had to actually officially admit they badly disrespected consumers' privacy.

This is an especially ironic turn of events given that Google often claims it competitively must respect the privacy and security of its users, because if it didn't, consumers would leave because competition is but "one click away."

Sixth, the FTC has looked the other way and did not bring enforcement action against Google on other major Google privacy problems in the past year. The FCC's wiretapping investigation of Google Street View uncovered evidence that Google had misled privacy officials around the world (including the FTC) leading them to prematurely shut down their Street View WiSpy investigations. Google publicly asserted that it was an "inadvertent mistake" of one "rogue engineer." However, the FCC learned it was deliberately part of the design document and known by several Google engineers and management. Tellingly, the FTC did not reopen its investigation once it learned that Google has publicly misrepresented relevant privacy facts to the public deceiving them that Google respected their privacy.

And after EPIC sued the FTC to enforce the Google-Buzz settlement requirement that Google provide users an opt-out to their new universal privacy policy, the FTC fought EPIC in court so that the FTC did not have to enforce the Google-Buzz settlement. Nevertheless, both the EU and State Attorneys General are investigating Google's refusal to allow consumers to opt out of Google's omni-online surveillance privacy policy.

II. Google is mocking the FTC's misrepresentation enforcement capability.

In the height of irony and hypocrisy, Google, in commenting on this FTC enforcement action against Google for deceptive practices and misrepresenting its privacy policy, told the media in a statement that at Google: "We do set the highest standards of privacy and security for our users." Does no one in Google PR have the self-awareness that it is unwise to represent Google as having no privacy or security problems that would affect users, when commenting on a $22.5m enforcement action by the FTC for misrepresenting its privacy protections to Google?

It will be interesting to learn if anyone at the FTC has a problem with continued consumer privacy misrepresentations by Google. Or if the FTC will inquire of Google how "the highest standards of privacy and security" could yield such a major breakdown in consumer privacy protection less than a year after the FTC-Google-Buzz settlement was finalized? Once again the obvious public facts contradict Google's public privacy representations of safety for consumers.

III. Several past poor FTC decisions are responsible for much of the current Google privacy problem.

Few remember that the FTC/DOJ decided a few years ago that consumer privacy would not be a competitive issue or potential antirust problem. If reporting is accurate, and the FTC confirms that Google hacked its leading competitor's privacy and security settings and effectively overrode Apple's security protections and users' privacy choices for millions of consumers, then the FTC by its own policy and admission is holding contradictory conclusions at the same time. If the FTC truly believes privacy violations can't be a competition/antirust issue, then why does the FTC have a problem with one competitor breaking into another competitors' system to bypass user privacy settings for competitive advantage?

That fateful decision to pre-determine that competitive mass violations of privacy were not a potential anti-competitive problem going forward, when the FTC and industry knew the FTC had very weak authority to police Internet privacy problems, the FTC effectively declared open season on consumers' privacy. In other words, the FTC/DOJ effectively created a de facto, deceptive/unfair business practices, safe harbor for mass competitive abuse of consumers' privacy -- like Google has engaged in repeatedly.

Instead of creating an incentive for companies to compete on privacy protection, the perverse effect of the FTC/DOJ's decision to not see privacy actions as potentially anti-competitive is that the FTC decision gave competitors every incentive and comfort to abuse consumers' privacy for competitive advantage in order to achieve better consumer tracking and ad monetization.

Moreover, the FTC in approving Google-DoubleClick merger without any conditions to protect competition or privacy in 2007, the FTC put the omni-tracking cookie into Google's hands that Google used when it broke into Apple's Safari browser to further extend its online advertising dominance. Without DoubleClick's technology, Google would not have had the incentive or ability to fully financially benefit from hacking into Apple users browsers to better target them with ads.

It is also instructive to remember that the FTC approved the Google-Admob acquisition without any conditions, when Google now dominates U.S. search advertising with 95% market share per eMarketer. The FTC tipped Google to monopoly in approving Google-DoubleClick and allowed Google to extend its monopoly to mobile in approving Google-AdMob.

IV. Conclusion

While the optics of the FTC hiring a tough prosecutor to lead the Google antitrust probe suggest an FTC proclivity to prosecute in court rather than settle the FTC-Google antitrust case, the outside prosecutor's part-time time commitment to the case (versus the full-time commitment of Sandy Litvack, who was brought in by DOJ to prosecute the DOJ Sherman Section 1 & 2 monopolization case against the Google-Yahoo Ad Agreement) suggests the FTC could have a bias towards settlement of the potential FTC-Google lawsuit rather than prosecution in court.

Given Google's experience of effectively eluding responsibility, accountability and deterrent effect in dealing with the FTC on enforcement settlements of FTC Section 5 enforcement cases, that suggests Google may have little to fear in the end from the FTC.