«

»

Nov
09
2011

How Flash Cookies Left A Bad Taste In the FTC’s Mouth

John Gamble
Marketing Manager | TRUSTe
@johnaddison

 

Image Credit 

Yesterday the Federal Trade Commission announced a settlement with ScanScout, an online video advertising network, over charges that the company deceived consumers about their ability to opt-out of online tracking activities. ScanScout’s privacy policy read:

“You can opt out of receiving a cookie by changing your browser settings to prevent the receipt of cookies.”

The problem? That wasn’t actually true. While one can opt-out of HTTP cookies using this method, the Flash cookies used by ScanScout to track consumers cannot be controlled via browser settings. (For more information about tracking technology like Flash cookies, check out this FTC educational article).  The FTC found ScanScout’s disclosure deceptive and in violation of the FTC Act and as part of the settlement the company is required to complete the following actions:

  1. Fix their privacy policy
  2. Display prominent notice on their homepage disclosing their tracking and linking to an opt-out mechanism
  3. Display a link within or next to all its targeted display ads that provides an opt-out mechanism

There’s been a real uptick in FTC privacy cases in the last year – most recently they’ve settled with skidekids.com for COPPA violations, Google over its “Google Buzz” rollout,  Frostwire for its Android App, and now ScanScout. And that’s just in the last two months! Could your company be next? Here are some takeaways from this most recent case:

You need total transparency in your privacy policy 

Leave no stone unturned in your disclosures. Avoid ambiguous language: if you’re tracking consumers then in no uncertain terms you should disclose a) how you are doing it, and b) how consumers can opt-out of it. Anything short of that invites scrutiny.

Tracking methods and opt-out mechanisms need to be one-to one. 

Flash cookies, super-cookies, tracking pixels etc. For each method you use to track consumer activity you need a corresponding, readily-available way for them to opt-out. Ideally, you should offer this control in a single opt-out mechanism that incorporates all of your tracking activities, but where technology makes this unfeasible  then individual opt-out mechanisms will suffice.

If you need help with your privacy strategy, give us a call – we have specialized privacy solutions that can cover everything from 3rd-party data collection ( TRUSTed Data Collection Certification)  to online behavioral advertising (TRUSTed Ads) and can help ensure your company provides consumer with robust privacy notice and choice.

Comments