Earlier this week, the Federal Trade Commission announced that it has reached a settlement with Chitika, Inc., an ad network that tracks a user’s online activities in order to deliver advertising targeted to the individual user’s interests.  In its complaint, the FTC claimed that Chitika made statements that (1) users could opt out of targeted advertising by clicking on an “Opt-Out” button and (2) users who clicked on the button “are currently opted out.” The FTC also alleged that Chitika’s cookie-based opt-out mechanism lasted only 10 days, and that Chitika did not inform users about the duration of the opt-out.  The FTC claimed that Chitika’s statements constituted a representation that Chitika’s opt-out will last for a “reasonable period of time,” and that because 10 days is not a reasonable period, its statements were deceptive. 

As part of the settlement, Chitika must include a hyperlink in every targeted ad that takes consumers to a clear opt-out mechanism.  User opt outs must be effective for at least five years. 

The settlement may help inform industry’s ongoing development of innovative opt-out tools for consumers to control whether information is used for targeted advertising.  The Consent Order not only suggests that five years is a “reasonable” period of time for a user’s opt-out selection to last, but it also reaffirms that cookie-based opt-out methods are an acceptable means for allowing consumers to opt out of targeted adverting.   Importantly, the Consent Decree carves out from the five-year effective period scenarios where a user deletes his or her cookies or takes deliberate action to disable the mechanism. 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.