Google settles location tracking lawsuit for only $39.9M • The Register

in brief Google has settled another location tracking lawsuit, yet again being fined a relative pittance.

Washington State Attorney General Bob Ferguson’s office announced the $39.9 million fine last week, along with news that Google will have to implement several state-ordered tracking reforms that clarify what data is being gathered and for what purposes. 

“Today’s resolution holds one of the most powerful corporations accountable for its unethical and unlawful tactics,” Ferguson said in a statement. 

The lawsuit is similar to others filed across the country last year, with attorneys general in Indiana, Texas and Washington, DC joining Washington state in suing Google over claims it used “dark patterns” to trick users into allowing location tracking and data collection, while also making it difficult to opt out. 

In January, Washington DC and Indiana announced a joint settlement with Google that netted the pair $9.5 million and $20 million respectively, which the Washington state AG’s office said it chose not to sign onto in a bid to earn more money for state coffers. 

“Instead of joining a multistate settlement, Ferguson’s office independently filed its own lawsuit and obtained this resolution. The Attorney General’s Office estimates Washington received more than double the amount it would have received under the wider multistate settlement,” the Ferguson’s office said. 

While it’s true that Washington state earned itself considerably more than DC or Indiana, it’s worth noting, as we so often have to do at El Reg, that even a $40m settlement is unlikely to make Alphabet accountants take pause.

In Q1 of this year, Google’s parent company announced [PDF] it had made $15.05 billion in net profit.

Ferguson’s office said it intends to use its Google fine to continue enforcing the Consumer Protection Act. Its enforcement body, the Consumer Protection Division, receives minimal cash from the government and is largely funded by recoveries in cases like this one.

Critical vulnerabilities of the week: KeePass edition

Users of password manager KeePass, beware: it contains a nasty vulnerability that could be used to retrieve all but the first character of a user’s…