Google has agreed to pay $5.5 million in order settle a class-action lawsuit alleging that it violated Safari users' privacy by circumventing their no-tracking settings.
The deal, which received preliminary approval on Wednesday, requires Google to donate around $3 million to six schools and nonprofits -- Berkeley Center for Law & Technology, Berkman Center for Internet & Society at Harvard University, Center for Democracy & Technology, Public Counsel, Privacy Rights Clearinghouse, and the Center for Internet & Society at Stanford University.
The settlement also calls for the lawyers who brought the case to receive up to $2.5 million. Individual Safari users won't receive anything.
If granted final approval by U.S. District Court Judge Sue Robinson in Delaware, the settlement will resolve a class-action lawsuit stemming from the "Safari hack" -- one of the bigger privacy snafus of recent years. The hack came to light in 2012, when computer researcher Jonathan Mayer (now with the Federal Communications Commission) published a report stating that Google -- along with WPP's Media Innovation Group, PointRoll and Vibrant Media -- circumvented Safari's privacy settings and then set tracking cookies. After allegedly doing so, all the companies were able to serve ads to Web users based on their Internet activity. None of the companies were accused of linking cookie-based data to users' names.
Google, Vibrant Media and PointRoll confirmed Mayer's report when it came out, and said they had stopped tracking Safari users or would soon do so. Google agreed to pay $22.5 million to settle Federal Trade Commission charges stemming from the workaround, and also paid $17 million to settle with a group of state attorneys general.
Consumers filed a class-action lawsuit against all of the companies. PointRoll quickly settled the case, but Google and the others fought the charges. U.S. District Court Judge Sue Robinson in Delaware dismissed the matter in 2013 but last November, the 3rd Circuit Court of Appeals revived the case against Google (but not Vibrant Media or WPP's Media Innovation Group.)
The appellate panel allowed the consumers to proceed on the theory that Google violated general privacy principles set out in California's constitution, as well as ones developed by judges in California. Two months ago, Google and the consumers told the judge they had reached a settlement, but didn't reveal any specifics.
The settlement details, disclosed on Monday, appear to be similar to several other agreements that resolved high-profile privacy battles between users and Web companies, including Facebook and Netflix.
Google itself settled two prior class-actions by agreeing to make donations to nonprofits. In 2010, Google agreed to pay around $6 million to six nonprofits and schools, and more than $2 million to plaintiffs' attorneys, in order to settle a privacy battle stemming from its launch of the defunct social networking service Buzz. That service created social networks out of people's Gmail contacts. Google designed the feature so that it initially revealed information about the names of users' email contacts, if users activated Buzz without changing the defaults.
Three years later, Google settled another privacy case on nearly identical terms. in order to settle a lawsuit alleging that the company "leaked" search users' names to publishers and advertisers through referrer headers -- the information that's automatically transmitted by Google to publishers and advertisers. (Some queries, like people's vanity searches on their own names, can offer clues to users' identities.)
Theodore Frank, a well-known activist who founded the Washington-based Center for Class Action Fairness, recently asked the 9th Circuit Court of Appeals to vacate that settlement. He raises several challenges to that deal, including that search engine users who were affected by Google's practices won't receive any money.The 9th Circuit is still considering Frank's arguments.