I've Been Mugged Blog

Six states, including Illinois Attorney General Lisa Madigan, announced a $750,000 settlement with Pointroll, a digital advertising firm, after investigations for privacy violations. The Illinois AG announced:

"... Madigan and her counterparts from five other states alleged that PointRoll unlawfully deployed a browser circumvention technique that allowed it to place browser cookies on consumers’ Safari web browsers despite privacy settings configured to “block cookies from third-parties and advertisers” or alternatively set to “accept cookies” from “visited sites” (for Safari browsers on Apple iPhones and iPads) between December 13, 2011, and February 15, 2012."

Browser cookie files, often referred to as "cookies," are small text files web browsers create, update, and save to users' computers. These files allow advertisers to gather information about users online habits often including the sites you visit online. Pointroll is owned by the Gannett Corporation.

The settlement agreement requires Pointroll to respect and comply with consumers' cookie-blocking choices, provide prominent Privacy Policy buttons with links to complete policies on any websites it operates, and to implement a privacy program within six months that trains its employees about consumer privacy and how to maintain it. That program must include yearly assessments and make ongoing changes as needed. Additional terms of the settlement:

• "Never misrepresent or omit material facts concerning the purposes for which it collects and uses consumer information, or the extent to which consumers may exercise control over the collection, disclosure or use of such information.
• Ensure that its servers are configured to instruct Safari web browsers to expire any cookie placed by PointRoll using its browser circumvention technique, if those systems encounter such a cookie, for a period of two years.
• Cooperate with compliance monitoring by the participating states, including providing a written report that describes PointRoll’s compliance with the privacy program requirement and allowing the inspection and copying of all records that may be required to verify compliance."

Besides Illinois, the states involved in the settlement include Connecticut ($110,000), Florida, Maryland ($110,000), New Jersey ($200,000), and New York ($110,000). The Connecticut Attorney General's announcement included a statement by the state's Consumer Protection Commissioner, William M. Rubenstein:

"Brazenly disregarding consumer preferences is an unwise business practice that borders on unethical conduct... We applaud New Jersey’s leadership in the investigation and negotiation with PointRoll and we will continue to uphold Connecticut consumers’ right to choose.”

Borders on unethical conduct? The settlement terms are pretty standard stuff (e.g., requires Pointroll to respect and comply with users' browser settings to block cookies, train employees, submit to annual assessments, and prominently display buttons with links to privacy-policies on its websites). That the firm had to be forced to do this makes one wonder what Pointroll's internal company culture is regarding ethics and privacy. It makes one wonder how trustworthy, or not, the executives at Pointroll are. Are executives at Gannett paying attention?

Readers of this blog know that advertisers have used a variety of technologies (e.g., browser cookies, "zombie cookies," Flash cookies ("super cookies," etags) to ignore and circumvent  consumers' explicit decisions and web browser settings not to be tracked online. I congratulate the six attorneys general and their staff for protecting and enforcing consumers' privacy.

What are your opinions of this settlement agreement?