The preliminary settlement, set to be finalized May 21, would clear up class-action lawsuits from California, Texas and New York that were consolidated last year. The suits charged that DoubleClick violated state and federal laws by surreptitiously tracking and collecting consumers' personally identifiable data and combining it with information on their Web surfing habits.
"DoubleClick will continue to provide the same full range of marketing solutions for our clients, buttressed by new and improved internal controls and protections to further safeguard consumer information," DoubleClick Chief Privacy Officer Jules Polonetsky said in a statement.
Legal counsel for the plaintiffs viewed the agreement as the foundation for best practices in online advertising.
"The settlement is fair and reasonable," said Ira Rothken, one of the lead plaintiffs' settlement counsel. "I hope that the online advertising industry on the whole will look to this settlement for guidelines on how to conduct their own business practices."
The New York-based interactive marketing services company had been under intense pressure over its data-gathering practices since late 1999, when it bought catalog marketer Abacus Direct and announced plans to merge consumers' offline and online data. Shortly afterward, the company became the subject of a federal probe into its online monitoring practices. Adding to the scrutiny, the company was slammed with several class-action suits and a federal privacy suit.
Still, after resolving the class-action suits, the company would continue to face an investigation by the attorneys general of several states related to its data-collection practices, according to regulatory filings. The inquiry has been solidified into New York state.
Under Friday's preliminary settlement, the company has agreed to greatly enhance its privacy measures. It has also agreed to pay legal fees and costs of up to $1.8 million, which the company said it accounted for as part of its operating expenses in the third quarter of 2001.
Among the provisions, DoubleClick will extend an education campaign on consumer privacy that includes running 300 online advertisements. The company said it has already broadcast 100 million online ads about consumer privacy. In addition, it will ensure that data collected in tiny files known as cookies will be regularly purged and new cookies will be set to expire every five years.
The company also has agreed to throw out any online data it obtained during the course of testing the manner in which online and offline data could be merged.
An independent accounting firm will review the company over the two-year term of the settlement to ensure compliance. The designated firm will extend DoubleClick's current auditing program with PricewaterhouseCoopers.
The final hearing, set for May 21, will be heard in the U.S. District Court for the Southern District of New York.
The proposed settlement immediately drew criticism from the Electronic Privacy Information Center, which was the first to file a formal complaint against DoubleClick's tracking practices with the Federal Trade Commission in February 2000.
"This is really not where the story should end," said Marc Rotenberg, executive director for EPIC. "You have to keep in mind DoubleClick's unique position--its consumer profiles are collected from Web sites it supplies advertising to. For this reason, we should expect a much higher standard for privacy protection."
In particular, Rotenberg faulted the agreement because it did not provide consumers with access to any profiles created on them by DoubleClick. He also said DoubleClick should limit the life of cookies on a session or on a daily basis, rather than a 5-year period. He argued that the provision is a red herring because most consumers change computers every two to three years.
Rotenberg said EPIC plans to look more closely at the settlement over the next few weeks and is exploring various options.