In a first, the Federal Trade Commission has charged an ad network with engaging in a deceptive business practice by allegedly using Flash cookies to track Web users.
The regulators' complaint, unveiled on Tuesday, alleges that video ad network ScanScout violated its privacy policy by using Flash cookies from 2007 to 2009 in order to track users' online activity to serve them targeted ads.
Flash cookies were originally designed to remember users' preferences for online video players and other applications, but some companies use such cookies to store the same type of information that is normally found on HTTP cookies. Flash cookies are stored in a different place in people's browsers than HTTP cookies and, until recently, couldn't be deleted or blocked through browser controls.
ScanScout, which was acquired last year by Tremor Media, allegedly said in its privacy policy that users could opt out of receiving cookies by changing their browser settings. That statement was deceptive, the FTC says in the complaint.
“ScanScout represented, expressly or by implication, that consumers could prevent ScanScout from collecting data about their online activities by changing their browser settings to prevent the receipt of cookies,” the FTC alleges. “Consumers could not prevent ScanScout from collecting data about their online activities by changing their browser settings to prevent the receipt of cookies. Therefore, the representation ... was false or misleading.”
The case comes almost two years after consumer protection head David Vladeck expressed concern that companies were thwarting users' privacy settings with Flash cookies. Since then, several other companies have been accused of tracking people with Flash cookies and three companies -- Quantcast, Clearspring and Say Media's VideoEgg -- agreed to pay a total of $3.4 million to settle civil lawsuits.
The FTC hasn't publicly accused any companies other than ScanScout of using Flash cookies deceptively.
The same day that the FTC announced the complaint, it also announced that Tremor had agreed to settle the charges by promising to notify Web users about tracking and allow them to opt out. The company specifically said it will allow users to opt out of the collection of most data containing unique identifiers, including an IP addresses. The proposed settlement allows Tremor to continue collecting data from opted-out users for some purposes, including frequency capping, fraud prevention and age verification.
Tremor said two months ago that it planned to roll out the you-are-being-targeted icons developed by the umbrella group Digital Advertising Alliance on video ads. The company isn't admitting wrongdoing as part of the proposed settlement.
Tremor also is facing a lawsuit in federal court in Boston by consumers over ScanScout's alleged use of Flash cookies. Defendants in that case include AOL and Brightcove. All recently filed court papers asking for the matter to be dismissed. ScanScout said in its court papers in that matter that it “never used Flash or any other technology to respawn deleted cookies.”