In the latest news concerning a 2012 circumvention of a Web browser’s privacy settings, New York Attorney General Eric T. Schneiderman announced that digital advertising company PointRoll — part of media giant Gannett, which owns USA Today and Gannett Broadcasting — has agreed to a $750,000 settlement with New York, New Jersey, Connecticut, Florida, Maryland and Illinois.
To recap: In February 2012, the Wall Street Journal reported on new research by Stanford researcher Jonathan Mayer that shows four companies seek to circumvent consumers’ privacy settings in Apple’s browser, Safari. The four companies are: Google, Vibrant Media, Media Innovation Group and PointRoll. Google said the circumvention was a mistake and it has disabled the code, but there was (pdf) public criticism, including a complaint (pdf) filed with the Federal Trade Commission. Questions were raised about whether the Safari circumvention meant that Google had violated a settlement it made with the FTC last year over Google’s Buzz product. The Internet services giant had agreed to a comprehensive privacy program to settle charges (pdf) it “used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz. In August 2012, the FTC announced Google would have to pay a minimal-for-the-Internet-giant fine of $22.5 million to settle charges that it circumvented users’ Do Not Track privacy settings in Safari. In November 2013, Maryland announced that it joined 36 states at the District of Columbia in settling with Google for $17 million.
Schneiderman announced that other conditions of the settlement require PointRoll to:
- Not take action to override an Internet browser’s cookie-blocking settings configured by user choice or by default.
- Not misrepresent or omit material facts concerning the purposes for which it collects and uses consumer information, or the extent to which consumers may exercise control over the collection, disclosure or use of such information. […]
- Implement a Privacy Program within six months that includes employee training on the importance of user privacy, as well as the duty of PointRoll employees to help maintain it. The Privacy Program is also to include annual internal assessments of the effectiveness of the Privacy Program’s controls, and updates to those controls when the internal assessments identify a need.
- Ensure that its servers are configured to instruct Safari Web browsers to expire any cookie placed by PointRoll using its browser circumvention technique, if those systems encounter such a cookie, for a period of two years.