Scrutiny of Flash Cookies Extends Overseas

Consumers, regulators, privacy advocates, and industry members condemn use of Flash cookies for online ad targeting purposes.

neelieEuropean Commissioner Neelie Kroes recently described the use of Flash cookies for some purposes as illegal under European law. Her statement followed the introduction of multiple lawsuits in the U.S. against companies including Specific Media and Quantcast.

Indeed, there would seem to be a wave of concern about the use of Flash cookies for online ad targeting purposes. That concern has been expressed not only by regulators, consumers, and privacy advocates, but by ad industry members themselves.

Since June, numerous U.S. lawsuits have been filed against behavioral targeting companies, including Specific Media and Quantcast, and publishers using such technologies, such as Fox Entertainment Group and NBC Universal. The suits specifically highlight the use of Flash cookies to recreate, or “re-spawn,” HTML cookies – which are used to store information on users’ browsing history and to target ads based on their interests.

The issue for companies using HTML cookies for targeting purposes is that users can easily delete them, erasing the profile information stored about them and diminishing the value of an ad impression served to that user. To combat this, some behavioral ad networks have been “backing up,” these cookies through other mechanisms – including Flash cookies and other “locally stored objects” – allowing them to be restored at a later date without users’ knowledge or consent. The suits argue this breaches various U.S. computer crime and privacy laws.

Meanwhile in Europe, Neelie Kroes, VP of the European Commission and European Digital Agenda Commissioner, has plainly stated such practices violate European law. Addressing industry members at an online advertising roundtable event in Brussels last week, Kroes said, “I would expect from you a clear condemnation of illegal practices which are unfortunately still taking place, such as ‘re-spawning’ of standard HTTP cookies against the explicit wishes of users.”

Adobe, the manufacturer responsible for the Flash video format, and hence the related cookies, says it does not condone their use for the reconstruction of HTML cookies, and that it offers tools to easily manage and delete them. The cookies were intended simply to store users’ preferences for the plug-in, such as volume settings, for example. Most users, however, are unaware that these cookies exist.

The practice isn’t limited to Flash cookies, though. It’s just one of a range of mechanisms that could be used to similar effect. Russell Glass, CEO of behavioral targeting company Bizo, points to a new piece of Javascript code called “Evercookie,” which makes it effectively impossible for users to prevent the restoration of tracking cookies. He wrote in a blog post:

“Basically it works by storing information about the cookie in varying different places both on the browser and the user’s local store. This means that if the user deletes their cookies – and even their Flash cookies – any of the remaining stores can recreate the others at any time, thus rendering the user’s desire for privacy and control useless…This is exactly the kind of technology that scares privacy pundits and industry insiders, and reinforces the concept that the ad industry needs to all come out and agree that it will not use tracking technologies unless they are transparent and in the user’s complete control.”

Indeed, privacy advocates agree. Alexander Hanff of U.K.-based privacy advocacy group Privacy International said the practices were not only deceptive and unethical, but also potentially illegal.

“If a consumer removes or blocks a cookie from their system then a company has to respect that; if they then go and use surreptitious methods to reinstall that cookie against the consumer’s will they are committing an offense,” he told ClickZ. “In the U.K., in my opinion, this would be a clear case of an offense under the Computer Misuse Act at the very least.”

The U.S. suits against Specific Media and Quantcast were both filed in California by a Texas-based lawyer named Joseph Malley. Malley was also involved with Facebook’s high-profile settlement over its Beacon advertising platform, according to reports by ZDNet. Malley did not return requests for comment for this story.

Subscribe to get your daily business insights

Whitepapers

US Mobile Streaming Behavior
Whitepaper | Mobile

US Mobile Streaming Behavior

5y

US Mobile Streaming Behavior

Streaming has become a staple of US media-viewing habits. Streaming video, however, still comes with a variety of pesky frustrations that viewers are ...

View resource
Winning the Data Game: Digital Analytics Tactics for Media Groups
Whitepaper | Analyzing Customer Data

Winning the Data Game: Digital Analytics Tactics for Media Groups

5y

Winning the Data Game: Digital Analytics Tactics f...

Data is the lifeblood of so many companies today. You need more of it, all of which at higher quality, and all the meanwhile being compliant with data...

View resource
Learning to win the talent war: how digital marketing can develop its people
Whitepaper | Digital Marketing

Learning to win the talent war: how digital marketing can develop its peopl...

2y

Learning to win the talent war: how digital market...

This report documents the findings of a Fireside chat held by ClickZ in the first quarter of 2022. It provides expert insight on how companies can ret...

View resource
Engagement To Empowerment - Winning in Today's Experience Economy
Report | Digital Transformation

Engagement To Empowerment - Winning in Today's Experience Economy

1m

Engagement To Empowerment - Winning in Today's Exp...

Customers decide fast, influenced by only 2.5 touchpoints – globally! Make sure your brand shines in those critical moments. Read More...

View resource