- A statement in Google’s help pages, to the effect that the default Safari configuration effectively prevents them from tracking users; and
- Google’s participation in the Network Advertising Initiative, which has a code of conduct that generally requires complete disclosure of data collection practices.
While expansive, this is not unfair. Companies like Google get plenty of mileage out of NAI participation as a “Good Housekeeping Seal” for privacy, so they should also be liable when they transgress those requirements. As a basis for liability, this is not unlike Rule 10b-5 in securities law, which makes public companies accountable not only for express misstatements, but also for omissions of material facts.
What this means in practical terms: