Federal Trade Commission Announces Settlement in Online Behavioral Advertising Case
Mandates Use of "In Ad" Disclosure
March 16, 2011
On March 14, 2011, the Federal Trade Commission (FTC) announced a settlement with Chitika, Inc.,1 resolving its investigation of Chitika's allegedly deceptive disclosures concerning its practice of tracking consumers' online activities for behavioral advertising purposes, as well as its inadequate opt-out mechanism. According to the FTC complaint, Chitika offers an online behavioral advertising service that acts as an intermediary between website publishers and advertisers that wish to have their ads placed on websites. When consumers visit a website within the Chitika network of publishers, Chitika sets cookies in their browsers, which it uses to track the consumers' searches, the websites they visit, and the content they view. This information is used to furnish consumers with advertising targeted to their interests.
The settlement reached by the FTC and Chitika is reflected in a proposed order that includes both traditional and novel remedies. It prohibits Chitika from misrepresenting the extent to which consumers are able to control the collection, use, or sharing of data collected from or about them, and the extent to which data from or about a particular consumer is collected or shared—a standard provision in FTC consent orders. But it also requires Chitika to take very specific actions intended to make its collection practices transparent to consumers, and enable consumers to easily and effectively opt out of such collections.
First, Chitika must place a clear and prominent notice with a hyperlink for opting out on the home page of its website that states: "We collect information about your activities on certain websites to send you targeted advertisements. To opt out of Chitika's targeted ads, click here." When clicked on, the link must take the consumer to an opt-out mechanism.
Second, Chitika must provide a mechanism to enable its users to prevent Chitika from: (1) collecting data that can be associated with a Chitika user or such user's computer or device, or that contains any unique identifier, such as a user ID or IP address; (2) redirecting users' browsers to third parties that collect data absent affirmative action by such users; and (3) associating any previously collected data with any Chitika user's computer or device. This mechanism must remain in effect for at least five years unless disabled by the user. In addition, within close proximity to the mechanism, Chitika must disclose:
- the fact that Chitika collects information about consumers' activities on certain websites to deliver targeted ads;
- that if users opt out, Chitika will not collect this information to deliver such ads;
- the consumers' current choice status (i.e., whether opted in or opted out of tracking); and
- that the consumers' choice is specific to the browser they are using (i.e., if they switch browsers or devices, they will have to opt out again).
Third, Chitika's home page also must include banners alerting consumers who could have been previously subject to the allegedly deceptive conduct. Specifically, the website must include the following statement: "If you opted out of our targeted ads before March 1, 2010, the opt-out has expired and you must opt out again to avoid targeted ads."
Fourth, the order requires that within any behaviorally targeted advertisement that Chitika produces, it must include a hyperlink that takes consumers directly to the required opt-out mechanism. The hyperlink text must state: "Opt out?" And when a consumer's cursor, or equivalent, is placed over the hyperlink, a box must be visible that clearly and prominently states, "Opt out of Chitika's targeted ads."
The proposed order further prohibits Chitika's use of any data that it previously collected, and requires the company to destroy all such information and any information retained in its files that would allow the information to be associated with a particular consumer or that consumer's computer or device.
Implications of the Proposed Order
Wilson Sonsini Goodrich & Rosati attorneys routinely counsel their clients with respect to evolving privacy and data security issues. If you have any questions regarding this WSGR Alert or any related privacy and data security matters, please contact Tonia Klausner at firstname.lastname@example.org or (212) 497-7706; Lydia Parnes at email@example.com or (202) 973-8801; Sara Harrington at firstname.lastname@example.org or (650) 320-4915; Gerry Stegmaier at email@example.com or (202) 973-8809; Matt Staples at firstname.lastname@example.org or (206) 883-2583; or Valentina Rucker at email@example.com or (202) 973-8861.