U.S. Ends DoubleClick Privacy Probe

The U.S. Federal Trade Commission (FTC) announced Monday that it had closed its year-long probe into the data collection and handling practices of DoubleClick, concluding that the Internet advertising firm did not violate its own privacy policy or engage in deceptive trade practices.

The investigation, which initially came to light in February, was triggered when the ad company revealed plans to integrate online tracking data with offline personal information — such as individual names, addresses and shopping patterns — taken from the extensive catalogs of Abacus Direct Corp., a direct marketing services company that DoubleClick acquired in 1999.

A firestorm of controversy erupted, after privacy advocates raised concerns that the correlated data would lead to gross invasions of consumer privacy. Many also feared that the personal data would be sold to any company or organization that wanted to buy it for a fee.

DoubleClick subsequently decided to forego its proposed integration of the data, a fact that played a significant role in the FTC’s decision to drop its inquiry. The government agency had been looking into whether DoubleClick was “engaged in unfair or deceptive acts or practices” with regard to its data gathering system.

Clean Slate

In a letter to DoubleClick counsel notifying the company that the probe was ending, Joel Winston, the acting associate director of the FTC’s division of financial practices, said it appears that the company “never used or disclosed consumers’ [personal information] for purposes other than those disclosed in its privacy policy.”

Added Winston: “Specifically, it appears that DoubleClick did not combine [personal information] from Abacus Direct with clickstream collected on client sites.”

The FTC also noted that it “reserves the right to take further action as the public interest may require.”

Changes Required

For its part, DoubleClick said that the FTC announcement validates its long-standing position that it did not violate its privacy policy or take part in deceptive trade practices. DoubleClick chief executive officer Keith Ryan said the firm “remains committed to ensuring the highest level of online consumer privacy, both within our company and throughout the industry.”

The FTC laid out a series of modifications that DoubleClick agreed to make to the next version of its privacy policy. The changes include: (1) posting an explanation for consumers to read about the site’s use of invisible Web graphics, known as “Web bugs,” to collect information about users, (2) clarification of the site’s “opt-out” feature allowing users to disconnect the company’s cookies, and (3) a revision of the company’s Internet address finder privacy policy to clearly state that users must opt to join a mail list before their data is sold.

In addition, the FTC cited DoubleClick’s “commitment” to the Network Advertising Initiative (NAI), an industry-led consortium that has agreed to uphold a set of self-regulatory data-privacy and ethical standards.

Although the FTC investigation of DoubleClick is over, many privacy advocates say the case proves that federal laws are needed to safeguard consumer privacy on the Internet. The current Congress is widely expected to propose such legislation this year.