FTC Ends DoubleClick Privacy Investigation
The New York advertising company passes one major privacy hurdle, effectively clearing it torelease a combined Abacus-DoubleClick product later this year.
The New York advertising company passes one major privacy hurdle, effectively clearing it torelease a combined Abacus-DoubleClick product later this year.
The Federal Trade Commission said Monday that it has ended its investigation into DoubleClick’s privacy policies in its ad serving and data collection practices, effectively clearing the online ad giant from wrongdoing for the time being.
In a letter to DoubleClick’s attorney, Christine Varney, the FTC said that “it appears … that DoubleClick never used or disclosed consumers’ [personally identifiable information] for purposes other than those disclosed in its privacy policy.”
In addition, the FTC concluded that DoubleClick “has not used sensitive data for any online preference marketing product.”
The FTC investigation began in February, after the company said it planned to combine online profiles with personally identifiable information from the databases of its newly acquired subsidiary, Abacus Direct, an offline marketing firm.
While DoubleClick quickly retreated from its plans to combine the databases — in response to public outcry — the FTC launched an investigation to ensure that the ad network was holding to its word of not combining consumer data that it had collected online with personally identifiable data it had acquired from Abacus.
“DoubleClick remains committed to ensuring the highest level of online consumer privacy, both within our company and throughout the industry,” said DoubleClick chief executive Kevin Ryan of the resolution.
The letter did indicate some areas where DoubleClick has agreed to modify its privacy policy to cover all of its privacy-related practices. According to the letter, the company had agreed to change its policies to detail the use of “Web bugs,” invisible items on Web pages that track users’ progress within Web sites and collect information about users.
DoubleClick would also include a statement indicating that if users delete their opt-out cookies (which protects them from being profiled by DoubleClick), they will have to re-opt-out of profiling. Additionally, the company agreed to rewrite the privacy policy on its Internet Address Finder site, to indicate that the company does sell email addresses it obtains from the site. The IAF site allows Web surfers to find and submit addresses for and information on businesses and consumers.
Since the privacy debacle, DoubleClick has been visibly trying to clean up its image, naming New York City’s former consumer affairs commissioner, Jules Polonetsky, into the new position of chief privacy officer. It also hired PricewaterhouseCoopers to undertake a privacy audit, and launched a widespread banner ad campaign of its own to spread awareness of its privacy policy and opt-out features.
The FTC did leave the door open for future investigation of the firm, if events warrant. The FTC’s Joel Winston, acting associate director of the FTC’s division of financial practices, wrote in the letter that that the closing of the case didn’t necessarily indicate a finding of innocence.
Nevertheless, Monday’s closing of the FTC’s investigation into DoubleClick does bode well for the New York-based firm, which has been under close scrutiny by privacy advocates, legislators, and state attorneys general since it first announced its plans to merge anonymous online and personally identifiable offline information. Several of those lawsuits are still pending but could waver in the wake of the FTC’s conclusions.
DoubleClick also needs the vindication of its privacy policies because it plans to roll out at least one product this year that draws heavily on the Abacus database. Although it has released few details, the coming product is designed to combine anonymous online data with anonymous data from Abacus — and DoubleClick would no doubt prefer if it didn’t raise eyebrows.