Ringleader Digital — an online advertising firm specializing in the mobile market — has agreed to settle two putative class actions that were filed against it last fall. The plaintiffs alleged that Ringleader violated the federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030, as well as various state privacy and consumer protection laws, by using HTML5 software to track users’ online activities. Under the proposed settlement agreement [PDF], Ringleader will pay $30,000 to the named plaintiffs in both actions and $670,000 in attorneys’ fees. The proposed agreement also provides for significant injunctive relief.
This is the second notable settlement of a privacy litigation in the past three months. As we discussed in a previous post, online marketing firms Quantcast and Clearspring settled several privacy suits arising from the alleged use of “Flash cookies” to track users’ browsing activities for advertising purposes. As with the Quantcast/Clearspring settlement, the settlement announced in the Ringleader cases is somewhat surprising given the strong defenses Ringleader appeared to have to the asserted claims and the limited release obtained. Eric Bosset, Simon Frankel, Mali Friedman, and I recently published an article in the Intellectual Property & Technology Law Journal that details some of those defenses.
Under the terms of the settlement, Ringleader has agreed to “engage with the Mobile Marketing Association [MMA] to develop data-specific industry standards for the privacy and information security of mobile device advertising information.” (As we noted in a previous post, the MMA is currently developing such standards.) Ringleader will also delete any information that it collected from users who had opted out of tracking in the past and will improve its disclosures informing users about how to opt out in the future. Only the named plaintiffs’ claims for damages would be released under the settlement agreement.