The Federal Trade Commission said Monday that it has ended its investigation into
DoubleClick’s privacy policies in its ad serving and data collection practices, effectively
clearing the online ad giant from wrongdoing for the time being.
In a letter to DoubleClick’s attorney, Christine Varney, the FTC said that “it appears
… that DoubleClick never used or disclosed consumers’ [personally identifiable
information] for purposes other than those disclosed in its privacy policy.”
In addition, the FTC concluded that DoubleClick “has not used sensitive data for any
online preference marketing product.”
The FTC investigation began in February, after the company said it planned to combine
online profiles with personally identifiable information from the databases of its newly
acquired subsidiary, Abacus Direct, an offline marketing firm.
While DoubleClick quickly retreated from its plans to combine the databases — in
response to public outcry — the FTC launched an investigation to ensure that the ad network
was holding to its word of not combining consumer data that it had collected online with
personally identifiable data it had acquired from Abacus.
“DoubleClick remains committed to ensuring the highest level of online consumer privacy,
both within our company and throughout the industry,” said DoubleClick chief executive Kevin
Ryan of the resolution.
The letter did indicate some areas where DoubleClick has agreed to modify its privacy
policy to cover all of its privacy-related practices. According to the letter, the company
had agreed to change its policies to detail the use of “Web bugs,” invisible items on Web
pages that track users’ progress within Web sites and collect information about users.
DoubleClick would also include a statement indicating that if users delete their opt-out
cookies (which protects them from being profiled by DoubleClick), they will have to
re-opt-out of profiling. Additionally, the company agreed to rewrite the privacy policy on
its Internet Address Finder site, to indicate that the company does sell e-mail addresses it
obtains from the site. The IAF site allows Web surfers to find and submit addresses for and
information on businesses and consumers.
Since the privacy debacle, DoubleClick has been visibly trying to clean up its image,
naming New York City’s former consumer affairs commissioner, Jules Polonetsky, into the new
position of chief privacy officer. It also hired PricewaterhouseCoopers to undertake a
privacy audit, and launched a widespread banner ad campaign of its own to spread awareness
of its privacy policy and opt-out features.
The FTC did leave the door open for future investigation of the firm, if events warrant.
The FTC’s Joel Winston, acting associate director of the FTC’s division of financial
practices, wrote in the letter that that the closing of the case didn’t necessarily indicate
a finding of innocence.
Nevertheless, Monday’s closing of the FTC’s investigation into DoubleClick does bode well
for the New York-based firm, which has been under close scrutiny by privacy advocates,
legislators, and state attorneys general since it first announced its plans to merge
anonymous online and personally identifiable offline information. Several of those lawsuits
are still pending but could waver in the wake of the FTC’s conclusions.
DoubleClick also needs the vindication of its privacy policies because it plans to roll
out at least one product this year that draws heavily on the Abacus database. Although it
has released few details, the coming product is designed to combine anonymous online data
with anonymous data from Abacus — and DoubleClick would no doubt prefer if it didn’t raise
eyebrows.