As reported below, the risk of getting privacy rules wrong can be substantial. The FTC has now confirmed that while Google has not admitted to any liability for allegedly bypassing privacy settings of users on the Safari web browser (which would also be in breach of an earlier settlement Google reached with the FTC about user privacy), it has agreed to pay a $22.5 million civil penalty in order to settle the FTC’s current investigation into the allegations. The FTC announced that it had reached this agreement with Google on 9 August, 2012. While this may not be a significant sum against Google’s overall revenue, it is the largest FTC fine to date. It comes in the wake of another substantial sanction imposed in the US private sector for breach of user privacy choices: in April 2012 a federal district court judge fined two individual telemarketers trading under various companies $30 million for calling individuals listed on the Do-Not-Call Register. On the other side of the Atlantic, the UK Information Commissioner’s Office is also increasing its enforcement of the data privacy rules in the private sector: on 2 July 2012 it imposed £150,000 on consumer lender Welcome Financial Services Limited for losing two million records containing employee and customer data.
Thus, companies on both sides of the Atlantic are running an increasingly large risk if they do not respect their users’ privacy, particularly when it comes to those users’ choices to restrict access to that data.