[author: Bob Scott]
The Federal Trade Commission (“FTC”) announced a proposed settlement of allegations that online advertising company Epic Marketplace, Inc. and its affiliate Epic Media Group (“Epic”) engaged in deceptive practices by failing to accurately describe their online advertising data practices. Specifically, the FTC alleged that Epic failed to disclose that it ran software script which determined whether consumers had visited thousands of web sites outside of Epic’s advertiser network, and falsely represented that it only collected browser information from web sites within Epic’s affiliated advertiser network. The settlement is the FTC’s first action against browser history sniffing. The proposed settlement must be approved by a majority of the Commissioners before it becomes effective.
The terms of the FTC’s proposed consent order with Epic include:
• prohibiting Epic from collecting data through browser history sniffing
• prohibiting Epic from using, and ordering Epic to destroy, all data obtained through browser history sniffing
• prohibiting Epic from misrepresenting the extent of data collected, used, or shared
• requiring Epic to accurately represent “the extent to which it maintains the privacy or security of covered information”
• requiring Epic to maintain detailed records of compliance with these terms, and submit a report demonstrating compliance
Significantly, it appears the agreement is more about the FTC establishing precedent than rectifying existing practices – press reports suggest that Epic Marketplace discontinued the browser history sniffing practice in 2011, and that the company may no longer be in business.
Moreover, as described by the FTC, Epic’s browser history sniffing practice did not comport with “best practices” of online advertising self-regulatory groups such as the Network Advertiser Initiative and Digital Advertising Alliance. The proposed settlement underscores the importance of embracing online advertising self-regulatory principles and practices.