[author: Bob Scott]
The Federal Trade Commission (“FTC”) announced a proposed settlement of allegations that online advertising company Epic Marketplace, Inc. and its affiliate Epic Media Group (“Epic”) engaged in deceptive practices by failing to accurately describe their online advertising data practices. Specifically, the FTC alleged that Epic failed to disclose that it ran software script which determined whether consumers had visited thousands of web sites outside of Epic’s advertiser network, and falsely represented that it only collected browser information from web sites within Epic’s affiliated advertiser network. The settlement is the FTC’s first action against browser history sniffing. The proposed settlement must be approved by a majority of the Commissioners before it becomes effective.
According to the FTC, Epic said in its privacy policy that it would collect information about consumers’ visits to sites only within the Epic’s advertising network, alleged to consist of 45,000 sites. Yet in practice, the cookies received from these sites by consumers’ computers would run a script to determine whether the consumer had visited other web sites outside Epic’s network. Epic was able to update and track the results to obtain further details and to send targeted ads based on the consumer’s browsing history. Consumers would have no way to know Epic’s software actively searched the browser’s history.
The terms of the FTC’s proposed consent order with Epic include:
• prohibiting Epic from collecting data through browser history sniffing
• prohibiting Epic from using, and ordering Epic to destroy, all data obtained through browser history sniffing
• prohibiting Epic from misrepresenting the extent of data collected, used, or shared
• requiring Epic to accurately represent “the extent to which it maintains the privacy or security of covered information”
• requiring Epic to maintain detailed records of compliance with these terms, and submit a report demonstrating compliance
Significantly, it appears the agreement is more about the FTC establishing precedent than rectifying existing practices – press reports suggest that Epic Marketplace discontinued the browser history sniffing practice in 2011, and that the company may no longer be in business.
Moreover, as described by the FTC, Epic’s browser history sniffing practice did not comport with “best practices” of online advertising self-regulatory groups such as the Network Advertiser Initiative and Digital Advertising Alliance. The proposed settlement underscores the importance of embracing online advertising self-regulatory principles and practices.
