DoubleClick Settles Probe with $450K Payout

Online advertising giant DoubleClick has announced it will pay US$450,000 and revamp its business practices to end a privacy investigation launched nearly three years ago by the attorneys general of 10 states.

Over the course of the inquiry, investigators sought to discern whether DoubleClick misused personal information gleaned from consumers and, by storing and sharing that data, left them vulnerable to risk.

Guard Your Cookies

The company uses Web cookies and other tools to gather user data and help its clients focus their advertising and marketing efforts.

Mark Peacock, an analyst at Deloitte Consulting, told the E-Commerce Times that in recent months, users seem to have become more tolerant of cookies because of the convenience that they afford by eliminating the need to remember usernames and passwords.

But Giga Information Group analyst John Ragsdale told the E-Commerce Times that while users see the benefit of being able to resume site sessions or avoid rekeying usernames, cookie technology is used mostly “at the expense of the user” for spam, clickstream monitoring and tracking demographics.

DoubleClick first drew the ire of privacy groups nearly three years ago when it bought Abacus Direct — a direct marketing company that maintained a database of names, addresses and retail purchasing habits of 90 percent of U.S. households — and began profiling Web users.

Paying Up

The payment to which DoubleClick has agreed will help defray the cost of the investigation led by New York Attorney General Eliot Spitzer and pursued by the attorneys general of Arizona, California, Connecticut, Massachusetts, Michigan, New Jersey, New Mexico, Vermont and Washington.

All of the involved states agreed to drop the probe if DoubleClick would meet specified requirements regarding disclosure, storage and use of personal data.

Elizabeth Wang, senior vice president and general counsel at DoubleClick, said the company “worked closely with the attorneys general to build upon the robust privacy practices it has already implemented.”

Meanwhile, Spitzer praised DoubleClick for its “cooperation in setting an industry standard for promoting consumer privacy in the data collection and tracking taking place across networked Web sites.”

No Admission

Contending that it is not admitting to any wrongdoing, DoubleClick agreed to continue posting its privacy policy, which explains its practices regarding user data. The company said it also will “maintain reasonable procedures” designed to ensure that its clients are in compliance with the provisions spelled out in its contracts.

In addition, the company will stick to its original promises to clients and users — collecting and using the data as it claimed it would at the time of collection.

DoubleClick also agreed that when it collects user data for a client, it will not share that data with anyone other than the client or another person or entity designated by the client.

Keeping Consumers Informed

Despite the settlement, targeting users on the basis of anonymous profiles remains a sensitive issue. To alleviate concern, DoubleClick has agreed to make”reasonable efforts” to create technology that will let users see the categories associated with their ad serving cookies.

The company also will notify users about any changes to its policies. As a result, users will be able to opt in to an e-mail alert system that will inform them of any changes DoubleClick might make to its privacy statement.

In addition, as part of the agreement, DoubleClick will provide independent verification that it is complying with the terms of the agreement reached with the 10 states. The company will retain a third party to conduct three compliance reviews.