FTC and Online Advertiser
Settle Over
|
|
|
In a development that once
again underscores the importance of an online vendor’s adherence to the terms
of its privacy policy, the Federal Trade Commission (“FTC”) agreed on
November 8, 2011 to settle a dispute with online advertiser ScanScout
over that company’s data collection policies. ScanScout (which recently merged with Tremor Video, Inc.) is a
video advertising network that places video advertisements on websites for
its clients. To target its ads, ScanScout
uses online behavioral advertising techniques, including the use of Flash
cookies. Flash cookies, like traditional HTTP cookies, store and
collect information about a user’s online activities and allow advertising
networks to recognize a user’s computer and target it for specific ads.
Unlike traditional HTTP cookies, however, Flash cookies cannot be controlled
or deleted through a browser’s privacy settings. Further, the
information that Flash cookies collect is stored in a different location on
the computer than information gathered by an HTTP cookie. Users
therefore could not block or delete ScanScout’s
Flash cookies, or otherwise prevent ScanScout from
collecting data about the user’s online activities. Notwithstanding a user’s
inability to block or delete Flash cookies, ScanScout’s
privacy policy between April 2007 and September 2009 explicitly stated that “You
can opt out of receiving a cookie by changing your browser settings to
prevent the receipt of cookies.” This, according to the FTC
complaint, constituted a deceptive practice under the Federal Trade
Commission Act. The proposed consent
agreement, which was approved 4-0 by the FTC, bars ScanScout
from misrepresenting the extent to which it collects, uses, shares, or
discloses consumer data, or the extent to which users may control the
collection, use, disclosure or sharing of such data. ScanScout must also place a clear and prominent notice on
its home page and website advising users that it collects information on each
user’s online activities. This notice must contain a hyperlink directing
users to an opt-out mechanism that allows them to prevent ScanScout
from collecting data that can be associated with a particular user or that
contains any unique identifier (including a user ID or Internet Protocol
address) or from redirecting a browser to third parties that collect data
without the user’s affirmative consent. If a user decides to opt-out,
that choice must remain in effect for a minimum of five years unless reversed
by the user. In addition, ScanScout must,
within 90 days of adoption of the FTC’s final order, include a hyperlink
within or immediately adjacent to any display advertisement it places that
directs consumers to the opt-out mechanism. The proposed consent order
also imposes additional reporting requirements on ScanScout,
and will remain in force for 20 years. The FTC’s settlement in
this case makes abundantly clear the need to ensure that your company’s
privacy policies are written and regularly updated to reflect accurately your
actual online data collection practices. This is critically important
in today’s rapidly evolving information technology environment. Comments regarding the
proposed consent agreement may be filed with the FTC until December 8,
2011. If you are interested in filing comments or have any questions,
please contact Louis J. Levy (llevy@lermansenter.com)
or any of the other attorneys in our office. November 14, 2011 |
|
|
This memorandum is intended only as a general discussion of these issues and should not be regarded as legal advice. We would be pleased to provide additional details or advice about specific situations if desired. Copyright © 2011, Lerman Senter PLLC 2000 K Street NW,
Suite 600 | Washington, DC 20006-1809 To Unsubscribe: Unsubscribe | To Update Client Info: Update Client Info |
|
