After several prominent Internet companies moved to distance themselves from DoubleClick, the advertising firm has decided to drop plans to merge offline information with user activity it’s collecting from the Web sites that use its technology.
“I made a mistake by planning to merge names with anonymous user activity across Web sites in the absence of government and industry privacy standards,” Kevin O’Conner, chief executive officer of DoubleClick, said in a statement.
“We commit today, that until there is agreement between government and industry on privacy standards, we will not link personally identifiable information to anonymous user activity across Web sites.”
Over the past few weeks, pressure from privacy advocates, and from government agencies assigned to protect consumers, has mounted. The company is the subject of inquiries by the Federal Trade Commission, the New York State Attorney General’s office and the Michigan State Attorney General’s office. DoubleClick says that today’s decision stems from discussion with consumers, privacy advocates, customers, government officials and industry leaders.
The most recent news, and possibly the events that spurred DoubleClick to take action, came when several prominent Internet companies publicly distanced themselves from DoubleClick and its privacy troubles.
AltaVista, which is majority-owned by Internet incubator CMGI (CMGI), adopted an opt-in policy for its Web site. This means that people who use the site must affirmatively ask to have their surfing habits tracked.
DoubleClick operates under an opt-out policy, under which users have to ask to be taken off the list of those being tracked. The company has repeatedly said that it feels opt-out should be the industry standard, as it is for offline data collection.
Another Internet company, Kozmo.com, an up-and-coming delivery service, reportedly is also trying to disentangle itself from DoubleClick, moving for an early termination of its contract with the company.
The latest flap in DoubleClick’s privacy woes came when financial software maker and Web site operator Intuit Inc. (INTU) Thursday moved to plug leaks on its popular Quicken site, after it was revealed that personal financial information users entered on the site was being sent to DoubleClick, which served the ads on the site.
The discovery was made by Richard Smith, the Internet security consultant who discovered that Real Networks Inc.’s jukebox software was sending information about users’ listening habits back to the company.
Smith discovered, while surfing Intuit’s site with a “packet sniffer” running on his computer, that information from a mortgage calculator and a credit-assessment feature were being sent to DoubleClick. Both contained fields where people input sensitive information like income, assets, and debt. Other features on the site, like a sample tax return, did not send data to the ad company.
DoubleClick officials told InternetNews.com the company makes no use of the data.
“That data is sent to us, but we don’t receive it. We don’t capture it in any way,” says Jeff Epstein, executive vice president of DoubleClick. “We’re in the process of sending letters to all of our customers to alert them of this problem.”
The issue is mostly one of referral URLs, a problem that not related to the issue on which DoublClick backpedaled today. It is also not limited to either Intuit or DoubleClick. In fact, Smith says, “This is a fairly generic problem that 50, 100, 200 sites may have.”
Privacy advocates praised DoubleClick’s move.
“Doubleclick has not only made the right business decision for their own company in suspending their tracking plans, they have also taken the right public policy choice of looking for consensus on standards for information practices for their industry,” says Jason Catlett, president of Junkbusters Corp.