November 10, 2010
The use of Flash cookies capable of re-installing browser tracking cookies – that users have previously deleted – has triggered the filing of multiple privacy lawsuits against some of the Web’s largest media companies. At issue is a user’s fundamental right to control how their tracking information is harvested and shared.
Each of the lawsuits seeks class action status. The defendants include three leaders in the field of behavioral advertising – Clearspring Technologies, Inc., Quantcast Corporation, and Specific Media, Inc.
Behavioral advertising has used traditional “cookies” to track a user’s surfing behavior on the Internet. The cookies track clickstream data including sites visited and the related times on these sites, search engine queries, and content read and downloaded. The data harvested by the cookies is used to create a behavioral profile about a specific user that can be keyed to a specific demographic. Advertisers use this information to target ads that would appeal to the demographic. In essence, behavioral ads are targeted to specific consumers anonymously based on the specific consumer’s past surfing behavior.
The issues raised in these suits significantly increase the stakes in ongoing privacy disputes regarding behavioral advertising. What’s noteworthy in these suits are allegations regarding how a user’s surfing behavior is harvested – specifically, by the use of Flash cookies.
How Flash Cookies Work
Users generally have the ability to control traditional cookies. Web browser vendors generally offer software tools that offer users the ability to configure their browsers to accept or refuse certain cookies, or to delete them at time intervals of the user’s choosing.
Control over cookies by users presents a problem for advertisers. Cookie deletion by users skews the numbers that track and measure a user’s online activity. The result – targeted, behavioral ads are not targeted to the desired degree of effectiveness, and traffic counts are rendered inaccurate.
Flash cookies address this problem by installing on a user’s computer an Adobe Flash Media Player local shared object (LSO) for tracking purposes. The Adobe Flash Media Player is software that enables users to view content on their computers. The tracking results for the user are later merged with information from other sources for purposes of behavioral advertising. This procedure is similar to the procedure used with traditional cookies.
What’s different with Flash cookies is how they work. An independent report by academic researchers titled “Flash Cookies and Privacy” found that:
* when a user visits a Flash cookie site, it receives a traditional, browser cookie, plus an identical Flash cookie; and
* if the user deletes the browser cookie, the Flash cookie re-spawns the browser cookie.
What’s more, Flash cookies remain on the user’s computer and are hard to detect. By default, Flash cookies have no expiration date, and they’re stored in a different location on a user’s computer than traditional cookies.
Plaintiffs in the current litigation as well as privacy advocates in general object to Flash cookies alleging that:
* Flash cookies are passed to a user’s computer without any notice by, or consent from, the user,
* resulting in a violation of a user’s fundamental right to control how their tracking information is harvested and shared.
The use of Flash cookies in the context of behavioral advertising presents new issues with related privacy concerns.
The Federal Trade Commission (FTC) has not yet issued formal guidelines or taken action against the use of Flash cookies, but that doesn’t mean that Flash cookies are not on the FTC’s radar screen. FTC Chairman Jon Leibowitz recently stated that the FTC is considering implementing a “do not track” list as a response to the growing concern over behavioral advertising in general.
Expect the FTC to act sooner rather than later.
Leading Internet, IP and software lawyer Chip Cooper has automated the process of drafting Website Legal Forms for website legal compliance. Use his free online tool — Website Documents Determinator — to determine which documents your website really needs for website legal compliance. Discover how quick, easy, and cost-effective it is to draft your website legal forms at DigiContracts.com.