Published by LawTechie - November 29, 2011 - LawTechie

The Federal Trade Commission (FTC) has settled with ScanScout, Inc. over the company’s failure to include the fact that it used flash cookies to track users in its privacy policy. This is the second case in one month where the FTC either fined or has otherwise gone after a company for poorly implementing its privacy policy.

In this case, ScanScout interacts between publishers and advertisers by purchasing ad space on websites on behalf of the advertisers. The company’s privacy policy disclosed that ScanScout uses HTML cookies to track users in order to serve “interests related” advertisements to the users based on users’ online history. Disregarding the current debates over such tracking, the FTC took umbrage of the fact that ScanScout’s privacy policy failed to disclose that, between 2006 and 2009, ScanScout used flash cookies as part of its user tracking methodology.

Some background on the technology (from Wikipedia):

Local Shared Objects (LSO), commonly called flash cookies (due to their similarities with HTTP cookies) are pieces of data that websites which use Adobe Flash may store on a user’s computer. Local Shared Objects are used by all versions of Adobe Flash Player and Version 6 and above of Macromedia’s now-obsolete Flash Player…

Privacy Concerns: On 10 August 2009, Wired magazine reported that more than half of the top websites used Local Shared Objects to track users and store information about them but only four of them mentioned it in their privacy policy. “Flash cookies are relatively unknown to web users,” it said, “even if a user thinks they have cleared their computer of tracking objects, they most likely have not.” The article further asserts that some websites use Flash cookies as hidden backups, so that they can revive HTTP cookies when user deletes them.

The problem with flash cookies, from the user’s perspective, is that they are far more insidious than run of the mill HTML cookies by making it that much harder to avoid getting tracked. The problem, as far as the FTC is concerned, is that ScanScout failed to disclose its use of flash cookies to the users.

The Takeaway: More and more we see that the FTC is absolutely going after companies for “falsely advertising” or, in this case, failing to properly advertise their tracking policies. The settlement here requires ScanScout to, among other things, conspicuously disclose its behavioral tracking policies and opt-out mechanisms.

LawTechie is a blog focusing on trends in tech and digital media. Areas covered include intellectual property, cyberlaw, venture capital, transactions and litigation as they relate to the emerging sectors. The blog is edited by the firm's partner Tim Bukher with contributions from the firm's experts in their respective areas of law.


Enter your email to get started.