Alan Gahtan's Canadian Legal Resources

Online Privacy Under Attack

By Alan Gahtan - LEXPERT Magazine, March 2000

As use of the Internet continues to grow, so does concern regarding the loss of privacy. On February 10th, 2000, the Electronic Privacy Information Center (EPIC), a Washington-based advocacy and litigation group which focuses on privacy issues involved in computer and Internet technologies, filed a complaint with the US Federal Trade Commission (FTC) alleging that the online information collection practices of DoubleClick and its business partners constitute unfair and deceptive trade practices.

DoubleClick is a leading provider of Internet-based advertising services. The company places messages on behalf of advertisers on Web sites that are part of the "DoubleClick Network," which consists of highly-trafficked Web sites grouped together by DoubleClick in defined categories of interest. The DoubleClick Network consists of more than 1,000 companies that have agreed to display DoubleClick advertising on the Web sites they operate and to enable the placement of "cookies" on the computers of Internet users who visit their Web sites. These include AltaVista, The Dilbert Zone, Macromedia, U.S. News Online, PBS Online, Multex Investor Network, Travelocity and Major League Baseball.

The EPIC complaint focuses on DoubleClick's Dynamic Advertising Reporting and Targeting (DART) technology. DART uses "cookies" to keep track of online usage by individual browsers which visit Web sites with DoubleClick-managed ads. When a user is first "served" an ad, DoubleClick assigns the user a unique number and records that number in the "cookie" file of the user's computer (usually without the user's knowledge or consent). When the user subsequently visits a Web site on which DoubleClick serves ads, DoubleClick reads and records that unique number, and also notes the type of content being viewed. As a user visits Web sites that utilize DoubleClick's technology, DART collects information regarding the user and his or her viewing activities and ad responses. This information is then aggregated in a database and used to personalize the ads people see when they visit any of the DoubleClick network of Web sites. This use of cookies to create profiles on online user activity is not unique to DoubleClick and is also utilized by many of its competitors.
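The mechanism described above can be seen from the user's side by auditing which cookie values a browser sends to the same outside host from unrelated Web sites. The following Python sketch is an added example, not part of the original article and not DoubleClick's code; the hostnames, cookie names and values are constructed, and the "last two labels" rule and minimum-length filter are simplifying assumptions.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed sample: (site the user visited, host the browser contacted,
# Cookie header the browser sent). All names and values are made up.
REQUESTS = [
    ("news.example", "news.example", "session=a1b2c3d4"),
    ("news.example", "ads.adnet.example", "id=8f3c21"),
    ("travel.example", "ads.adnet.example", "id=8f3c21; lang=en"),
    ("sports.example", "ads.adnet.example", "id=8f3c21; lang=en"),
    ("sports.example", "cdn.sports.example", "theme=darkmode"),
    ("travel.example", "stats.other.example", "visitor=77aa10"),
]


def site_of(host):
    """Approximate the registrable domain by the last two labels.

    Assumption for this example only; a real audit would consult the
    Public Suffix List so that hosts under suffixes like co.uk are
    not merged into one site.
    """
    return ".".join(host.lower().split(".")[-2:])


def cross_site_identifiers(requests, min_sites=2, min_len=6):
    """Return third-party cookie values seen from several first-party sites.

    Keys are (third-party site, cookie name, value); values are the sorted
    first-party sites from which that exact value was sent. Short values
    (such as a language code) are skipped as unlikely to be unique numbers.
    """
    seen = defaultdict(set)
    for page_host, request_host, cookie_header in requests:
        first_party, contacted = site_of(page_host), site_of(request_host)
        if contacted == first_party:
            continue  # first-party cookie, not cross-site tracking
        jar = SimpleCookie()
        jar.load(cookie_header)
        for name, morsel in jar.items():
            if len(morsel.value) >= min_len:
                seen[(contacted, name, morsel.value)].add(first_party)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_sites}


if __name__ == "__main__":
    for (tracker, name, value), sites in cross_site_identifiers(REQUESTS).items():
        print(f"{tracker} cookie {name}={value} seen from: {', '.join(sites)}")
```

The same value arriving at one outside host from three unrelated sites is the "unique number" the article describes; the single-site `visitor` cookie and the first-party cookies are not reported.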

DoubleClick describes DART as a technology which matches advertiser-selected target profiles with individual user profiles and delivers an appropriately targeted ad. In contrast, the complaint filed by EPIC alleges that:

"DoubleClick Inc. has engaged, and is engaging, in unfair and deceptive trade practices by tracking the online activities of Internet users and combining that tracking data with detailed personally-identifiable information contained in a massive, national marketing database. DoubleClick Inc. engages in these activities without the knowledge or consent of the affected consumers, and in contravention of public assurances that the information it collects on the Internet would remain anonymous."

Except with respect to advertising to children, the FTC does not currently have any specific statutory authority over online advertising or data collection processes, unless they are unfair and deceptive. While there are several bills pending in the Congress which would expand the authority of the FTC with respect to privacy issues, the FTC has to date limited the situations where it takes action to those where a company has published a privacy policy and then violates that policy.

A privacy policy published by DoubleClick in 1997 stated that "DoubleClick does not know the name, email address, phone number, or home address of anybody who visits a site in the DoubleClick Network. All users who receive an ad targeted by DoubleClick's technology remain completely anonymous." DoubleClick's business partners have similarly represented that DoubleClick cookies generated at their Web sites were anonymous and that no personally-identifiable information would be collected by DoubleClick or its business partners as a result of the placement of DoubleClick cookies. However, a recent merger with Abacus Direct Corporation, a leading provider of specialized consumer information and analysis for the direct marketing industry, would permit DoubleClick to combine anonymous Internet profiles in the DoubleClick database with the personal information contained in the Abacus database. More than 1,050 direct marketers are reported to have contributed their customers' purchasing histories to Abacus for inclusion in its database. As of December 31, 1998, the Abacus database contained over 88 million detailed buyer profiles compiled from records of over 2 billion catalog purchasing transactions.

The EPIC complaint also expresses concern about DoubleClick's opt-out policy, which purports to offer users the ability to "opt-out" of the information sharing. Some third-party Web sites that generate DoubleClick cookies do inform users of their relationship with DoubleClick and that DoubleClick places cookies on the computers of users who visit such third-party sites. However, users are rarely given notice by such third-party Web sites that they need to visit the DoubleClick Web site in order to understand DoubleClick's data collection activities or learn about any available "opt-out" procedures. Other Web sites which partner with DoubleClick have reportedly continued to assure users that they will remain anonymous. EPIC would like the FTC to, among other things, order DoubleClick "to obtain the express consent of any Internet user about whom DoubleClick intends to create a personally-identifiable record, and to develop such means as are necessary to ensure that the user has access to the complete contents of the record".

DoubleClick is not alone in having come to the attention of privacy advocates. Last fall, Real Networks came under fire for its collection of information from people who use its RealJukebox software to play CDs on their computers. The information transmitted to Real Networks each time the program is used includes the user's music preferences, the number of songs stored on the user's hard disk and a unique identifier which is assigned to the user when the software is registered. The IP address of the user's computer would also be revealed as part of each transmission. This information can then be combined with the user's e-mail address and ZIP code, both of which must be provided during the registration process. Users who register for the PRO version of the product would also have their name, credit card number and mailing address combined with the other information. In response to public criticism, Real Networks released a patch on their Web site that would disable the automatic transmission of the usage information to Real Networks.

