Google will settle charges that it violated the privacy of millions of consumers to the tune of $22.5 million, according to a recent report in The Wall Street Journal.

Last fall, a graduate student revealed that Google, among others, was circumventing Safari’s no-tracking browser settings by using hidden code to install a cookie to track users’ browsing habits. The company acknowledged the practice but said that it was unintentional and that it had removed the cookies. The Federal Trade Commission began an investigation in February.

Although the installation of the cookie itself was arguably not a deceptive practice, Google had informed users that Safari would block tracking cookies. Its failure to honor that statement constituted a violation of last year’s consent decree with the FTC.

In the case that gave rise to the consent decree, the FTC alleged that Google used deceptive tactics and violated its own privacy policy when it launched Buzz, its social networking feature. As part of the settlement, Google was the first company required by the agency to implement a comprehensive privacy program. The company was also barred from future misrepresentations to users about its privacy policies.

The agency calculated the fine by aggregating the number of iPad, iPhone, and Mac users at a rate of $16,000 per day.

In a statement, Google said that it would not comment “on any specifics” of a settlement. “However, we do set the highest standards of privacy and security for our users. The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy. We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple’s browsers.”

According to The Wall Street Journal report, the $22.5 million fine would be the largest penalty levied against a single entity in FTC history.

Why it matters: The settlement reinforces the FTC’s current focus on privacy as well as its willingness to enforce the terms of its consent decrees. Companies should use caution when drafting their privacy policies and ensure that they are living up to their promises – or face an enforcement action.