Google is negotiating with the US Federal Trade Commission (FTC) over how big a fine it will have to pay for its breach of Apple's Safari internet browser, a person familiar with the matter said.
The fine could amount to more than $US10 million, said the person, who declined to be identified because the talks are confidential. The fine would be the first by the FTC for a violation of internet privacy as the agency steps up enforcement of consumers' online rights.
The FTC is preparing to allege that California-based Google deceived consumers and violated terms of a consent decree signed with the commission last year when it planted so-called cookies on Safari, bypassing Apple software's privacy settings, the person said.
"We will of course cooperate with any officials who have questions," Chris Gaither, a Google spokesman, said in an email, declining to comment further. An FTC spokeswoman, Claudia Bourne Farrell, declined to comment.
The cookies allowed Google to bypass Safari's built-in privacy protections to aim targeted advertising at users of Safari on computers, laptops, iPhones and iPads. Google said at the time that it "didn't anticipate this would happen" and that it was removing the files since discovering the slip.
The Safari breach was first identified by Stanford researcher Jonathan Mayer, who published a blog entry on his discoveries on February 16.
'Unfair and deceptive'
Google signed a consent decree with the FTC last year in which it settled allegations it used deceptive tactics and violated its own privacy policies in introducing the Buzz social-networking service in 2010.
The 20-year settlement bars Google from misrepresenting how it handles user information, and requires the company to follow policies that protect consumer data in new products and to submit to regular privacy audits.
The FTC has the authority to levy fines for violations of its consent decrees of as much as $US16,000 a day for each violation.
Google, the world's largest internet search company, on April 12 reported first-quarter revenue of $US8.14 billion, excluding sales passed on to partner sites.
The FTC issued its largest fine in a privacy-related case against data broker ChoicePoint in 2006 for compromises of personal financial records of more than 163,000 consumers. ChoicePoint agreed to pay $US10 million in civil penalties and $US5 million in consumer redress in a settlement with the FTC.
"Google is quickly becoming the privacy problem child for regulators in the U.S. and Europe," said Jeffrey Chester, executive director of the Centre for Digital Democracy, which has urged regulators to review the handling of consumer data by companies including Google and Facebook.
"The Commission's work to enforce its consent decree with Google shows there's a real regulatory cop on the digital beat."