X

DoubleClick nearing privacy settlements

The Net advertising company is granted preliminary approval to settle all state and federal class-action lawsuits charging that it violated the privacy of Web surfers.

Stefanie Olsen Staff writer, CNET News
Stefanie Olsen covers technology and science.
Stefanie Olsen
4 min read
A federal court on Friday granted DoubleClick preliminary approval to settle all state and federal class-action lawsuits that charged it violated the privacy of Web surfers.

The preliminary settlement, set to be finalized May 21, would clear up class-action lawsuits from California, Texas and New York that were consolidated last year. The suits charged that DoubleClick violated state and federal laws by surreptitiously tracking and collecting consumers' personally identifiable data and combining it with information on their Web surfing habits.

Under the settlement, DoubleClick has agreed to give consumers clear notice and choice of any data-collection practices within its privacy policy. Among other provisions, the settlement requires DoubleClick to obtain permission from consumers before combining any personally identifiable data with Web surfing history.

"DoubleClick will continue to provide the same full range of marketing solutions for our clients, buttressed by new and improved internal controls and protections to further safeguard consumer information," DoubleClick Chief Privacy Officer Jules Polonetsky said in a statement.

Legal counsel for the plaintiffs viewed the agreement as the foundation for best practices in online advertising.

"The settlement is fair and reasonable," said Ira Rothken, one of the lead plaintiffs' settlement counsel. "I hope that the online advertising industry on the whole will look to this settlement for guidelines on how to conduct their own business practices."

The New York-based interactive marketing services company had been under intense pressure over its data-gathering practices since late 1999, when it bought catalog marketer Abacus Direct and announced plans to merge consumers' offline and online data. Shortly afterward, the company became the subject of a federal probe into its online monitoring practices. Adding to the scrutiny, the company was slammed with several class-action suits and a federal privacy suit.

Many of the fires have been doused with cold water. In January 2001, the Federal Trade Commission closed its investigation of DoubleClick after it found the company did not violate its privacy policy. Months later, a federal judge dismissed a federal privacy suit in New York.

Still, after resolving the class-action suits, the company would continue to face an investigation by the attorneys general of several states related to its data-collection practices, according to regulatory filings. The inquiry has been solidified into New York state.

Protecting privacy
Since drawing extensive scrutiny, DoubleClick has stepped up efforts in the last two years to improve awareness and protections for consumer privacy. Among many steps, it has hired a chief privacy officer and initiated partnerships with consultants including the Privacy Council. The company has also updated its privacy policy, soliciting government and public opinion in the process.

Under Friday's preliminary settlement, the company has agreed to greatly enhance its privacy measures. It has also agreed to pay legal fees and costs of up to $1.8 million, which the company said it accounted for as part of its operating expenses in the third quarter of 2001.

Among the provisions, DoubleClick will extend an education campaign on consumer privacy that includes running 300 online advertisements. The company said it has already broadcast 100 million online ads about consumer privacy. In addition, it will ensure that data collected in tiny files known as cookies will be regularly purged and new cookies will be set to expire every five years.

The company also has agreed to throw out any online data it obtained during the course of testing the manner in which online and offline data could be merged.

An independent accounting firm will review the company over the two-year term of the settlement to ensure compliance. The designated firm will extend DoubleClick's current auditing program with PricewaterhouseCoopers.

The final hearing, set for May 21, will be heard in the U.S. District Court for the Southern District of New York.

The proposed settlement immediately drew criticism from the Electronic Privacy Information Center, which was the first to file a formal complaint against DoubleClick's tracking practices with the Federal Trade Commission in February 2000.

"This is really not where the story should end," said Marc Rotenberg, executive director for EPIC. "You have to keep in mind DoubleClick's unique position--its consumer profiles are collected from Web sites it supplies advertising to. For this reason, we should expect a much higher standard for privacy protection."

In particular, Rotenberg faulted the agreement because it did not provide consumers with access to any profiles created on them by DoubleClick. He also said DoubleClick should limit the life of cookies on a session or on a daily basis, rather than a 5-year period. He argued that the provision is a red herring because most consumers change computers every two to three years.

Rotenberg said EPIC plans to look more closely at the settlement over the next few weeks and is exploring various options.