FTC Settlement Embodies First Agency Action Against Browser History Sniffing


[author: Bob Scott]

The Federal Trade Commission (“FTC”) announced a proposed settlement of allegations that online advertising company Epic Marketplace, Inc. and its affiliate Epic Media Group (“Epic”) engaged in deceptive practices by failing to accurately describe their online advertising data practices. Specifically, the FTC alleged that Epic failed to disclose that it ran software script which determined whether consumers had visited thousands of web sites outside of Epic’s advertiser network, and falsely represented that it only collected browser information from web sites within Epic’s affiliated advertiser network. The settlement is the FTC’s first action against browser history sniffing. The proposed settlement must be approved by a majority of the Commissioners before it becomes effective.

According to the FTC, Epic said in its privacy policy that it would collect information about consumers’ visits to sites only within the Epic’s advertising network, alleged to consist of 45,000 sites. Yet in practice, the cookies received from these sites by consumers’ computers would run a script to determine whether the consumer had visited other web sites outside Epic’s network. Epic was able to update and track the results to obtain further details and to send targeted ads based on the consumer’s browsing history. Consumers would have no way to know Epic’s software actively searched the browser’s history.

The terms of the FTC’s proposed consent order with Epic include:

• prohibiting Epic from collecting data through browser history sniffing

• prohibiting Epic from using, and ordering Epic to destroy, all data obtained through browser history sniffing

• prohibiting Epic from misrepresenting the extent of data collected, used, or shared

• requiring Epic to accurately represent “the extent to which it maintains the privacy or security of covered information”

• requiring Epic to maintain detailed records of compliance with these terms, and submit a report demonstrating compliance

Significantly, it appears the agreement is more about the FTC establishing precedent than rectifying existing practices – press reports suggest that Epic Marketplace discontinued the browser history sniffing practice in 2011, and that the company may no longer be in business.

Moreover, as described by the FTC, Epic’s browser history sniffing practice did not comport with “best practices” of online advertising self-regulatory groups such as the Network Advertiser Initiative and Digital Advertising Alliance. The proposed settlement underscores the importance of embracing online advertising self-regulatory principles and practices.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.