FTC Ends DoubleClick Privacy Investigation

The Federal Trade Commission said Monday that it has ended its investigation into

DoubleClick’s privacy policies in its ad serving and data collection practices, effectively

clearing the online ad giant from wrongdoing for the time being.

In a letter to DoubleClick’s attorney, Christine Varney, the FTC said that “it appears

… that DoubleClick never used or disclosed consumers’ [personally identifiable

information] for purposes other than those disclosed in its privacy policy.”

In addition, the FTC concluded that DoubleClick “has not used sensitive data for any

online preference marketing product.”

The FTC investigation began in February, after the company said it planned to combine

online profiles with personally identifiable information from the databases of its newly

acquired subsidiary, Abacus Direct, an offline marketing firm.

While DoubleClick quickly retreated from its plans to combine the databases — in

response to public outcry — the FTC launched an investigation to ensure that the ad network

was holding to its word of not combining consumer data that it had collected online with

personally identifiable data it had acquired from Abacus.

“DoubleClick remains committed to ensuring the highest level of online consumer privacy,

both within our company and throughout the industry,” said DoubleClick chief executive Kevin

Ryan of the resolution.

The letter did indicate some areas where DoubleClick has agreed to modify its privacy

policy to cover all of its privacy-related practices. According to the letter, the company

had agreed to change its policies to detail the use of “Web bugs,” invisible items on Web

pages that track users’ progress within Web sites and collect information about users.

DoubleClick would also include a statement indicating that if users delete their opt-out

cookies (which protects them from being profiled by DoubleClick), they will have to

re-opt-out of profiling. Additionally, the company agreed to rewrite the privacy policy on

its Internet Address Finder site, to indicate that the company does sell e-mail addresses it

obtains from the site. The IAF site allows Web surfers to find and submit addresses for and

information on businesses and consumers.

Since the privacy debacle, DoubleClick has been visibly trying to clean up its image,

naming New York City’s former consumer affairs commissioner, Jules Polonetsky, into the new

position of chief privacy officer. It also hired PricewaterhouseCoopers to undertake a

privacy audit, and launched a widespread banner ad campaign of its own to spread awareness

of its privacy policy and opt-out features.

The FTC did leave the door open for future investigation of the firm, if events warrant.

The FTC’s Joel Winston, acting associate director of the FTC’s division of financial

practices, wrote in the letter that that the closing of the case didn’t necessarily indicate

a finding of innocence.

Nevertheless, Monday’s closing of the FTC’s investigation into DoubleClick does bode well

for the New York-based firm, which has been under close scrutiny by privacy advocates,

legislators, and state attorneys general since it first announced its plans to merge

anonymous online and personally identifiable offline information. Several of those lawsuits

are still pending but could waver in the wake of the FTC’s conclusions.

DoubleClick also needs the vindication of its privacy policies because it plans to roll

out at least one product this year that draws heavily on the Abacus database. Although it

has released few details, the coming product is designed to combine anonymous online data

with anonymous data from Abacus — and DoubleClick would no doubt prefer if it didn’t raise

eyebrows.

News Around the Web