Online ad leader DoubleClick said it has agreed to settle all of the state and federal class action lawsuits filed against it in the wake of its now-scrapped plan to merge offline and online data.
In the suits, which had been filed in January 2000 after DoubleClick announced its intent to integrate personally identifiable consumer information with data that it gleans from placing online cookies, consumers charged the company with wrongfully gathering information and placing cookies on their PCs without their consent. The lawsuits also claimed invasion of privacy, trespassing, unjust enrichment, negligence, misrepresentation and active concealment.
The settlement, should it be approved by the courts, would result in the dismissal of all of the federal and state class action lawsuits currently standing against the company. A hearing is slated for May 21 for final court approval of the agreement.
If the settlement is accepted, it will have DoubleClick, while not admitting any wrongdoing, agreeing to adopt what it described as “industry-leading” privacy protections for online consumers.
Specifically, those protections entail the “protection and routine purging” of data collected online, and the limitation of new cookies to a lifespan of five years. (Previously, cookies had no set lifespan.) The company also said it would purge online data that it obtained while testing the merging of online and offline data — which DoubleClick described as a minimal amount of information.
DoubleClick also said it would maintain its giving “clear notice” of data-collection policies, and would also begin offering “enhanced choice.” Namely, Internet users must explicitly grant permission for the firm to combine personally identifiable information with clickstream data that it has collected in the past. (DoubleClick routinely states that it has no plans for such a merging of information, but still reserves the right to do so — and now agrees to obtain users’ permission.)
The company also said it would continue taking steps to ensure that Internet users’ online data is used consistently with the privacy policy under which it was collected, unless the consumer has given permission to do otherwise. Similarly, the company said it would begin taking steps to ensure that any firm that acquires it in the future would follow suit.
In the settlement, DoubleClick also agreed to two years of review by a major independent accountant. (The firm already has an auditing agreement in place with PricewaterhouseCoopers, which verifies DoubleClick’s compliance to its stated privacy policy and to the policies of the Network Advertising Initiative, a trade association to which DoubleClick belongs.)
The company also said it would launch a new consumer education effort with 300 million impressions, encouraging consumers to learn more about how to protect their online privacy. Since the lawsuits, the company voluntarily delivered 100 million impressions in an educational effort, directing viewers to PrivacyChoices.org, an informational site set up by the company.
The firm also assumes responsibility for the cases’ legal fees and costs, which could run as high as $1.8 million. (DoubleClick already accounted for such charges in its third-quarter operating expenses.)
In a statement, the co-lead plaintiffs’ settlement counsel — Seth Lesser, Dennis Stewart, Bryan Clobes and Ira Rothken — expressed optimism at the outcome.
“We are pleased that we accomplished the main goal of the litigation — namely to ensure that there is a strong set of protections in the event DoubleClick attempts to merge clickstream and personal information,”
said the attorneys. “We are hopeful that the rest of the online advertising industry looks to this case as setting a standard for the future.”
The plaintiffs’ counsel also said the settlement is a “very good result,” since it goes further than steps the company had already taken in the wake of the lawsuits, by “requiring data purging, a public information campaign, cookie life reduction, and compliance reviews of DoubleClick’s settlement commitments by a reputable, national auditing firm, all of which significantly promote the protection of Internet user privacy.”
Since the debacle in 2000 and the resulting deluge of lawsuits, DoubleClick hired Jules Polonetsky, a former consumer advocate in the Guiliani administration in New York City, to oversee the staffing of a privacy team, in addition to its consumer education campaign.
The company said its new privacy protections, while driven by litigation, made it one of the most privacy-conscious players in the online ad space.
“The steps we are taking represent by far the most aggressive leadership position regarding privacy within our industry,” said Polonetsky, who is DoubleClick’s chief privacy officer. “DoubleClick will continue to provide the same full range of marketing solutions for our clients, buttressed by new and improved internal controls and protections to further safeguard consumer information.”
While DoubleClick’s new privacy position may have put it in good stead with plaintiffs, it’s too early to determine whether the development will have any bearing on ongoing inquiries into the firm by several states’ attorneys general.
Last year, the Federal Trade Commission, which had also been investigating DoubleClick, cleared it of violating its own stated privacy policies.