Cookiegate Another Privacy Black Eye For Google

Greg Sterling on
  • Categories: Channel: Industry, Google: Critics, Google: Privacy, Legal: Privacy, Legal: Regulation
  • Call it “Cookiegate” — or “Safarigate” perhaps. Late last night we got the Wall Street Journal’s piece: “Google’s iPhone Tracking: Web Giant, Others Bypassed Apple Browser Settings for Guarding Privacy.” Danny covered the article and its claims extensively at Marketing Land. This morning there’s an expanding debate about whether the WSJ mischaracterized Google’s behavior unfairly or whether the company has in fact been caught with its hand in the cookie jar — as it were.

    To recap: Google and other ad networks (i.e., Gannett’s PointRoll) were discovered circumventing mobile Safari’s default “no third party cookies” settings. The WSJ characterized it as “tricking” Safari. As a practical matter Google was trying to make its +1 buttons work on iOS. The company was quoted in the WSJ article itself saying that nothing sinister was intended:

    The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

    The Electronic Frontier Foundation believes this controversy warrants a big “mea culpa” from Google and justifies “do not track” options for users. The UK’s Daily Mail describes Google’s activity as tantamount to “spying on iPhone owners.”

    John Battelle defends Google (and decries Apple’s privacy “paternalism”), saying the company was merely restoring “normal web practice”:

    In short, Apple’s mobile version of Safari broke with common web practice,  and as a result, it broke Google’s normal approach to engaging with consumers. Was Google’s “normal approach” wrong? Well, I suppose that’s a debate worth having – it’s currently standard practice and the backbone of the entire web advertising ecosystem –  but the Journal doesn’t bother to go into those details. One can debate whether setting cookies should happen by default – but the fact is, that’s how it’s done on the open web.

    It’s fair to say the story is more complex than what was originally reported by the WSJ. The central problem is that most consumers have little understanding of the intricacies of online advertising, cookie tracking and how to manage the process. And it’s very challenging to educate them on these topics. Indeed, most people never change default settings on their computers or their phones, which is why these “default search” deals are so valuable and coveted in part.

    There are numerous surveys, however, that argue consumers are concerned about privacy and mobile privacy in particular. The degree of concern varies by age, situation and how the question is framed. But the concern is there. For example, a February 2011 survey from TRUSTe and Harris showed that the majority were concerned about mobile “tracking” by third parties:

    The vast majority of survey respondents (98%) believe that privacy is an important issue when using a mobile device and they want more transparency and choice over the personal information mobile apps and websites collect and share, especially as it relates to targeted advertising and geo-location data. Additionally, more than 1 in 3 of consumers (38%) identified privacy as their number one concern when using mobile applications, followed by security (26%) and identity tracking (19%).

    Source: Harris-TRUSTe (2/11, n=1,000 US adults)

    Apple’s mobile Safari default is to block cookies from other than the site being visited. This was a decision Apple made on behalf of its users without “consulting” with them. EFF believes it’s the right choice. Battelle says it breaks with “web practice.” My guess based on the various survey data I’ve seen is that most users would side with Apple on this one.

    Whether or not Cookiegate “has legs” (and members of Congress start calling for more investigations), it’s yet another PR misstep and black eye for Google around privacy. It looks especially bad or “hypocritical” in light of a high-profile campaign Google was recently running on websites like the NY Times about privacy and user data. The campaign tries to educate and reassure users that their data are safe with Google.

    Google has sought to position itself as a guardian of user privacy. Indeed, last year Google specifically said it was going the extra mile to respect and give users control over mobile privacy. But a growing string of controversies, including Google’s recent announcement about the consolidation of its privacy policies into one, has rendered that claim hollow for many people.

    Rather than scheming or conscious, unethical behavior on Google’s part, I tend to see this misstep as a function of arrogance or insensitivity. But the growing number of privacy controversies is becoming problem and contributing to a perception that Google needs to be reined in.

    During the nearly simultaneous Kenya and Search Plus Your World uproars I wrote that people are increasingly inclined to leap to conclusions about Google based on their fundamental beliefs about whether the company is good or “evil.” More and more they project on to the Google ink blot whatever they want to see.

    It’s not clear that any of the privacy issues described above have impacted “ordinary users” or their perceptions of Google. So far there isn’t really any evidence. But if these missteps keep happening Google’s reputation will certainly suffer with the public.

    Postscript: See our follow-up, No Surprise: Congress, Consumer & Privacy Groups Want Google To Explain Safari Privacy Snafu

    Related Entries

    About The Author

    Greg Sterling
    Greg Sterling is a Contributing Editor at Search Engine Land. He writes a personal blog, Screenwerk, about connecting the dots between digital media and real-world consumer behavior. He is also VP of Strategy and Insights for the Local Search Association. Follow him on Twitter or find him at Google+.