FTC Settlement Embodies First Agency Action Against Browser History Sniffing


[author: Bob Scott]

The Federal Trade Commission (“FTC”) announced a proposed settlement of allegations that online advertising company Epic Marketplace, Inc. and its affiliate Epic Media Group (“Epic”) engaged in deceptive practices by failing to accurately describe their online advertising data practices. Specifically, the FTC alleged that Epic failed to disclose that it ran software script which determined whether consumers had visited thousands of web sites outside of Epic’s advertiser network, and falsely represented that it only collected browser information from web sites within Epic’s affiliated advertiser network. The settlement is the FTC’s first action against browser history sniffing. The proposed settlement must be approved by a majority of the Commissioners before it becomes effective.

According to the FTC, Epic said in its privacy policy that it would collect information about consumers’ visits to sites only within the Epic’s advertising network, alleged to consist of 45,000 sites. Yet in practice, the cookies received from these sites by consumers’ computers would run a script to determine whether the consumer had visited other web sites outside Epic’s network. Epic was able to update and track the results to obtain further details and to send targeted ads based on the consumer’s browsing history. Consumers would have no way to know Epic’s software actively searched the browser’s history.

The terms of the FTC’s proposed consent order with Epic include:

• prohibiting Epic from collecting data through browser history sniffing

• prohibiting Epic from using, and ordering Epic to destroy, all data obtained through browser history sniffing

• prohibiting Epic from misrepresenting the extent of data collected, used, or shared

• requiring Epic to accurately represent “the extent to which it maintains the privacy or security of covered information”

• requiring Epic to maintain detailed records of compliance with these terms, and submit a report demonstrating compliance

Significantly, it appears the agreement is more about the FTC establishing precedent than rectifying existing practices – press reports suggest that Epic Marketplace discontinued the browser history sniffing practice in 2011, and that the company may no longer be in business.

Moreover, as described by the FTC, Epic’s browser history sniffing practice did not comport with “best practices” of online advertising self-regulatory groups such as the Network Advertiser Initiative and Digital Advertising Alliance. The proposed settlement underscores the importance of embracing online advertising self-regulatory principles and practices.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Written by:


Davis Wright Tremaine LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.