Privacy and Security Law Blog

FTC Settlement Embodies First Agency Action Against Browser History Sniffing

By Bob Scott

The Federal Trade Commission (FTC) announced a proposed settlement of allegations that online advertising company Epic Marketplace, Inc. and its affiliate Epic Media Group (Epic) engaged in deceptive practices by failing to accurately describe their online advertising data practices. Specifically, the FTC alleged that Epic failed to disclose that it ran software script which determined whether consumers had visited web sites outside of Epic’s affiliated advertiser network, and falsely represented that it only collected browser information from web sites within Epic’s network. The settlement is the FTC’s first action against browser history sniffing, and demonstrates the Commission’s continued expansion of jurisdiction through enforcement actions. The proposed settlement must be approved by a majority of the Commissioners before it becomes effective.

According to the FTC, Epic said in its privacy policy that it would collect information about consumers’ visits to sites only within the Epic’s advertising network. Yet in practice, the cookies received from these sites would run a script to determine whether consumers visited sites outside Epic’s network. Epic tracked the results and sent targeted ads based on consumers’ browsing history. Consumers would have no way to know Epic’s software actively searched the browser’s history.

The FTC’s proposed consent order with Epic includes numerous provisions that are remedial on their face, such as a ban on further browser history sniffing, a ban on the use of data already collected, and an order to destroy all previously collected data. In fact, press reports suggest that Epic Marketplace discontinued the browser history sniffing practice in 2011, and that the company may no longer be in business. If, as appears to be the case, the practice has ceased, the proposed consent order is relevant primarily as another in the long line of FTC jurisdictional precedents established through enforcement actions.

Finally, as described by the FTC, Epic’s browser history sniffing practice did not comport with “best practices” of online advertising self-regulatory groups such as the Network Advertiser Initiative and Digital Advertising Alliance. This action thus underscores the importance of careful implementation of these online advertising self-regulatory principles and practices.

Trackbacks (0) Links to blogs that reference this article Trackback URL
Comments (0) Read through and enter the discussion with the form at the end
Davis Wright Tremaine LLP
188 West Northern Lights Blvd.
Suite 1100
Anchorage, AK 99503-3985
(907) 257-5300
San Francisco
505 Montgomery Street
Suite 800
San Francisco, CA 94111-6533
(415) 276-6500
777 108th Avenue NE
Suite 2300
Bellevue, WA 98004-5149
(425) 646-6100
1201 Third Avenue
Suite 2200
Seattle, WA 98101-3045
(206) 622-3150
Los Angeles
865 South Figueroa Street
Suite 2400
Los Angeles, CA 90017-2566
(213) 633-6800
Washington, D.C.
1919 Pennsylvania Avenue, NW
Suite 800
Washington, D.C. 20006-3401
(202) 973-4200
New York
1633 Broadway
27th Floor
New York, NY 10019-6708
(212) 489-8230
Suite 701-704
Two International Finance Centre
8 Century Avenue, Pudong District
Shanghai 200120 P.R. China
(011) 86-21-6279-8560
1300 SW Fifth Avenue
Suite 2300
Portland, OR 97201-5630
(503) 241-2300
Attorney Advertising.

Prior results do not guarantee a similar outcome.