Google Privacy Snafu Stirs Privacy Debate, Again

Lawmakers, privacy watchers alarmed

It looks like Google was caught with its hand in the privacy cookie jar again. The Wall Street Journal cited a research study from Stanford University showing that Google DoubleClick was circumventing user's privacy controls on Safari and tracking them without their knowledge or permission.

The report, following so close on the heels on the controversity over Google's coming change in its privacy policy March 1, is bound to cause another firestorm.

Google responded quickly to the accuasions in the report. Rachel Whetstone, Google's senior vp of communications and public policy, said in a statement that the Journal "mischaracterizes what happened and why."

"We used known Safari functionality to provide features that signed-in Google users had enabled," said Whetstone. "It's important to stress that these advertising cookies do not collect personal information."

But that may not be enough to calm privacy watchers or lawmakers already suspicious of anything Google does.

Rep. Mary Bono Mack (R-Calif.), chair of the House Subcommittee on Commerce, Manufacturing and Trade, who hosted a recent briefing with Google over the company's upcoming change to its privacy policy, wants Google back in town for another briefing with members. 

"Even if unintentional, as the company claims, these types of incidents continue to create consumer concerns about how their personal information is used and shared," Bono Mack said in a statement. "Companies need to be open about what they're collecting, and how that information is used."

Consumer Watchdog, in a letter to the Federal Trade Commission, accused Google of "lying" and violating the consent decree signed last year with the FTC over its Buzz social network.

"Clearly Google knows that it was in the wrong. After the company was confronted about the Stanford research, it changed its advice page, removing the specific references to Safari," wrote John Simpson, CW's privacy project director.

Reps. Ed Markey (D-Mass.) and Joe Barton (R-Tex.), co chairs of the bipartisan Congressional Privacy Caucus, along with Rep, Cliff Stearns (R-Fla.), chairman of the Subcommittee on Oversight and Investigations, also called on FTC Chairman Jon Leibowitz "to investigate" whether Google is in violation of its settlement.

The Federal Trade Commission declined to comment.

Google may be right, but it almost doesn't matter. The company is facing a growing perception that it just doesn't get it.

"I think the company has their blinders on about the implications of all this," said Jeff Chester, executive director of the Center for Digital Democracy." It's flabbergasting that all these smart people don't have a political and ethical handle on this. You shake your head in disbelief that a smart company can't come clean with consumers and regulators over its privacy practices. They use stealth methods to bypass and they're getting themsevles in trouble in the rush to build a bigger data machine."

Here's Google's full statement from Whetstone:

The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default.  However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content—such as the ability to “+1” things that interest them.

To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous—effectively creating a barrier between their personal information and the Web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.

Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google’s Ads Preferences Manager.