behavioral advertising

The last two weeks have brought two important decisions in the ongoing litigation over behavioral advertising firm NebuAd’s alleged use of a device to intercept data from ISP networks. Several ISPs allegedly permitted NebuAd to install an “appliance” on their networks in order to collect and analyze subscriber data for ad targeting purposes.  In lawsuits that began to be filed in 2008, plaintiffs have alleged that NebuAd–and the ISPs with which it allegedly partnered– violated Title I of the Electronic Communications Privacy Act (i.e., the Wiretap Act) as well as other federal and state laws.  Plaintiffs have sued the ISPs in separate suits around the country.  Two of these suits–against ISPs Embarq and WideOpen West (“WOW”)–yielded decisions in favor of the ISPs last week. 

Continue Reading Two New Decisions on the Wiretap Act and Secondary Liability

The group that develops technical standards and guidelines for the World Wide Web released a set of draft standards on Monday that are intended to allow consumers to limit and control how they are tracked online.

The standards, developed by the World Wide Web Consortium (known as the “W3C”), would allow consumers to set a “Do-Not-Track” preference using their browser or other tools.  The proposal effectively sets up an “opt-out” mechanism for online tracking because no preference is transmitted until the user affirmatively selects a setting.  The standard states that, absent laws, rules or other requirements to the contrary, servers may interpret the lack of an expressed preference “as they find most appropriate for the given user, particularly when considered in light of the user’s privacy expectations and cultural circumstances.”  Once set by the user, the Do-Not-Track preference would be transmitted to any website the user visits; the standard requires website servers that have implemented the standard to send a response signal indicating whether the website respects the tracking preference.  Users would be able to affirmatively allow tracking, block all tracking, or refuse tracking generally but allow tracking on certain sites.

Continue Reading Web-standards group releases draft “Do-Not-Track” mechanism

Yesterday, the Digital Advertising Alliance (DAA) announced the release of new “Self-Regulatory Principles for Multi-Site Data,” voluntary self-regulatory standards to govern the collection, use, and sharing of data concerning user activity across non-affiliated websites.  The DAA, an umbrella organization for advertising trade groups, already maintains self-regulatory principles for online behavioral advertising (OBA).  Notably, while the OBA Principles apply only to data collected for behavioral advertising purposes, the new Multi-Site Data Principles encompass all collections, use, and disclosure of multi-site data regardless of purpose.  The DAA expects its new principles will be implemented in 2012.
Continue Reading DAA Releases “Self-Regulatory Principles for Multi-Site Data”

On 26 August, 2011, the Article 29 Working Party, a group of European data protection authorities, published a letter to the Online Behavioural Advertising Industry regarding the proposed industry self-regulatory framework, known as the Best Practice Recommendation on Online Behavioural Advertising (the “Code”). The letter sets out the main data privacy concerns identified by the Working Party arising from the Code. The Working Party takes a strict view regarding the application of the European Data Protection and ePrivacy Directives to the use of cookies for purposes of tracking consumer behaviour online. The main issues discussed in the letter are set out below:
Continue Reading Article 29 Working Party Voices Concerns Over Behavioural Advertising Code

This week, Stanford Security Lab reported preliminary results from a platform it has been developing, a chief application of which is to detect various forms of third-party tracking in an automated manner.  According to researcher Jonathan Mayer’s release, which emphasizes that these are “preliminary findings from experimental software,” Stanford’s system has detected that over half of the companies tested that belong to the self-regulatory Network Advertising Initiative (“NAI”) group leave tracking cookies on users’ computers even after a user opts out of online behavioral targeting.  Importantly, though, NAI member companies are required by the NAI guidelines only to allow and abide by requests to opt out of behavioral ad targeting, and the guidelines do not contain commitments with respect to tracking.   This distinction between targeting and tracking has been the subject of increasing attention, including from the Federal Trade Commission.    

The preliminary study results also reportedly show that at least eight NAI members—including prominent networks such as 24/7 Real Media and Audience Science—commit in their privacy policies to stop tracking users following an opt-out request, but nonetheless leave tracking cookies in place.  Although the media and, increasingly, plaintiffs’ counsel can be quick to latch onto these types of reports, it will be critical to closely examine each company’s privacy policy language in the context of the company’s actual practices.

Continue Reading Preliminary Results Reported From Stanford “Tracking the Trackers” Study

Earlier this week, the Federal Trade Commission announced that it has reached a settlement with Chitika, Inc., an ad network that tracks a user’s online activities in order to deliver advertising targeted to the individual user’s interests.  In its complaint, the FTC claimed that Chitika made statements that (1) users could opt out of targeted advertising by clicking on an “Opt-Out”