Yesterday the Federal Trade Commission (the "FTC") announced that it had entered into a settlement agreement with online advertising network, Epic Marketplace Inc. ("Epic"), that bars the company from continuing to use history sniffing technology, which allows online operators to "sniff" a browser to see what sites consumers have visited in the past. The settlement also bars future misrepresentations by Epic and requires the company to destroy information that it gathered unlawfully.
According to the FTC, Epic is a large advertising network that acts as an intermediary between website publishers and advertisers and has a presence on 45,000 websites. Consumers who visited any of the network's sites received a cookie, which stored information about their online practices including sites they visited and the ads they viewed. The cookies allowed Epic to serve consumers ads targeted to their interests, a practice known as online behavioral advertising. In its privacy policy, Epic claimed that it would collect information only about consumers' visits to sites in its network. The FTC also alleged that Epic did not disclose in its privacy policy that it engaged in history sniffing. However, according to the FTC, Epic was in fact employing history-sniffing technology that allowed it to collect data about sites consumers visited outside of Epic's network, including sites relating to fertility issues, impotence, menopause, incontinence, disability insurance, credit repair, debt relief, and personal bankruptcy. The FTC alleged that depending on which domains a consumer had visited, Epic assigned the consumer an interest segment, including categories such as "Incontinence," "Arthritis," "Memory Improvement," and "Pregnancy-Fertility Getting Pregnant." Epic then used these categories to send consumers targeted ads.
The consent order bars Epic from using history sniffing, and requires that they delete and destroy all data collected using it. It also bars misrepresentations about the extent to which Epic maintains the privacy or confidentiality of data from or about a particular consumer, computer or device, including misrepresenting how that data is collected, used, disclosed or shared. The consent order also bars misrepresentations about the extent to which software code on a webpage determines whether a user has previously visited a website.
This settlement comes as the FTC continues to explore the regulation of behavioral advertising and the practices and privacy implications of data collection on the Web. In fact, the FTC hosted a workshop, called The Big Picture, focusing on such issues today. This settlement shows that the FTC continues to be vigilant in protecting consumers from companies that do not abide by their own privacy policies or fail to accurately disclose their data collection practices.
*Mr. MacDonald was formerly a lawyer with Olshan's IP Department.