Josh Goldman
One twist on privacy self-regulation is regulation through competitive pressures. A recent back-and-forth between Microsoft and Google has turned a spotlight on browser privacy settings and online advertising companies’ ability to work around the settings to collect data on users.
Late last week, The Wall Street Journal reported that a Stanford graduate student had discovered a technique Google and other ad companies were using to circumvent default settings in Safari that blocked websites from installing cookies. According to the Journal, “While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.”
On Monday, Microsoft accused Google of using similar techniques to circumvent privacy settings in Internet Explorer through “a nuance in the P3P specification that has the effect of bypassing user preferences about cookies.”
Google’s response? On the Safari workaround, Google noted, “The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.” On the Internet Explorer issue, Google pointed to what it described as outdated Microsoft policies, countering that it is “impractical to comply with Microsoft’s request” given modern web functionality.