Online advertiser ScanScout has entered into a consent agreement with the Federal Trade Commission in connection with claims it made that consumers could opt out of receiving targeted ads by changing their computer’s web browser settings to block cookies. According to the FTC, these claims were deceptive with respect to the use of so-called “Flash cookies” since browser settings did not allow users to remove or block the Flash cookies used by the company. Flash cookies generally cannot be controlled through browser privacy settings, in contrast to traditional “HTTP” cookies.
Under the terms of the proposed settlement, ScanScout must post a prominent notice on its home page stating the following: “We collect information about your activities on certain websites to send you targeted ads. To opt out of our targeted advertisements, click here.” The company must provide a hyperlink to an opt-out mechanism that offers users the ability – through a single click or a single change to a browser setting – to prevent the company from:
- collecting information that can identify the user or her computer;
- associating any previously collected data with the user; or
- in the absence of any affirmative action by the user, redirecting the user’s browser to third parties that collect data.
The opt out choice must remain in effect for a minimum of five years. There also must be a clear and prominent notice within close proximity of the opt out mechanism that provides certain additional disclosures, including the current status of the user’s choice and any circumstances that, if initiated by the user, would disable the choice made by a user.
While the FTC and the company have entered a consent agreement, it will be subject to public comment for 30 days, through December 8, 2011, and final approval by the FTC. As we have previously reported here and here, the use of “Flash cookies” has been the subject of a number recent law suits, in addition to this recent FTC action.
The same day, the FTC announced a proposed consent agreement with Skid-e-Kids, a social networking website that targets “tweens,” that would settle claims the FTC filed against the website under the Children’s Online Privacy Protection Act and Section 5 of the FTC Act. According to the FTC complaint, Skid-e-Kids was collecting registration information from children without first attempting to notify a parent or obtain parental consent. The settlement bars future violations of COPPA and requires the defendant to destroy information collected from children in violation of its rules. It also imposes a civil penalty. The proposed consent decree is subject to court approval.