Google’s $5.5 Million Safari Hack Settlement Gains Final Approval

Google’s $5.5 Million Safari Hack Settlement Gains Final Approval

by Wendy Davis @wendyndavis, February 7, 2017

A federal judge has approved Google’s $5.5 million settlement of a class-action alleging that it violated Safari users’ privacy by circumventing their no-tracking settings.

The deal requires Google to donate more than $3 million to six schools and nonprofits — Berkeley Center for Law & Technology, Berkman Center for Internet & Society at Harvard University, Center for Democracy & Technology, Public Counsel, Privacy Rights Clearinghouse, and the Center for Internet & Society at Stanford University. Those groups must agree to use the money for projects related to online privacy.

The lawyers who brought the case will receive $1.925 million, but individual Web users won’t receive anything.

U.S. District Court Judge Sue Robinson in Delaware rejected a challenge to the settlement by Theodore Frank, a well-known activist who founded the Washington-based Center for Class Action Fairness. Frank argued that the deal was improper because several of the nonprofit recipients already have relationships with Google.

Google's $5.5 Million Safari Hack Settlement Gains Final Approval

He argued that Google’s donations to those amounts to “a change in accounting entries rather than a change in conduct.”

Frank added that the settlement should have been structured to provide funds to individual Safari users, as opposed to nonprofits. He suggested that individual users could submit claims to the court, as happened when Facebook created a $20 million fund to allegations that it violated a California law with its “sponsored stories” program. Alternatively, Frank said, individuals could be compensated through a lottery process.

“Where there is a will, there is a way,” Frank wrote in papers submitted to the Robinson late last year. “When courts demand more of settling parties on behalf of class members, they get more.”

Robinson disagreed with Frank. She noted in her ruling that the fund recipients “are among the preeminent institutions for researching and advocating for online privacy.”

The judge added that the donations to the nonprofits are “an effective and beneficial remedy that bears a substantial nexus to the interests of the settlement class.”

Robinson’s order, entered late last week, brings an end to litigation stemming from the well-publicized “Safari hack.” The hack came to light five years ago, when computer researcher Jonathan Mayer published a report stating that Google — along with WPP’s Media Innovation Group, PointRoll and Vibrant Media — circumvented Safari’s privacy settings and then set tracking cookies. After allegedly doing so, all the companies were able to serve ads to Web users based on their Internet activity.

None of the companies were accused of linking cookie-based data to users’ names. Google, Vibrant Media and PointRoll confirmed Mayer’s report when it came out, and said they had stopped tracking Safari users or would soon do so. Google agreed to pay $22.5 million to settle Federal Trade Commission charges stemming from the workaround, and also paid $17 million to settle with a group of state attorneys general.

Consumers filed a class-action lawsuit against all of the companies. PointRoll settled the case, but Google and the others fought the charges. U.S. District Court Judge Sue Robinson in Delaware dismissed the matter in 2013 but the 3rd Circuit Court of Appeals later revived the case against Google — though not Vibrant Media or WPP’s Media Innovation Group.

Google has settled two prior privacy class-actions by agreeing to make donations to nonprofits. In 2010, Google agreed to pay around $6 million to six nonprofits and schools, and more than $2 million to plaintiffs’ attorneys, in order to settle a battle stemming from its launch of the defunct social networking service Buzz. That service created social networks out of people’s Gmail contacts. Google designed the feature so that it initially revealed information about the names of users’ email contacts, if users activated Buzz without changing the defaults.

Three years later, Google settled another privacy case on nearly identical terms. That matter centered on allegations that the company “leaked” search users’ names to publishers and advertisers through referrer headers — the information that’s automatically transmitted by Google to publishers and advertisers. (Some queries, like people’s searches for their own names, can offer clues to users’ identities.)

Frank is challenging that settlement separately. He recently asked the 9th Circuit Court of Appeals to vacate the deal, arguing that search engine users who were affected by Google’s practices won’t receive any money.The 9th Circuit is still considering Frank’s argument.

MediaPost.com: Search Marketing Daily

(21)