PointRoll Settles Claims It Tracked Safari Users Without Their Consent

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Sept. 25 --Internet marketing company PointRoll Inc. has settled claims that it secretly tracked consumers' Internet activities by bypassing the default cookie settings of their Apple Safari browsers, according to a proposed agreement filed Sept. 23 in the U.S. District Court for the District of Delaware (In re Google Inc. Cookie Placement Cons. Privacy Litig., D. Del., No. 1:12-md-02358-SLR, proposed settlement agreement filed 9/23/13).

The PointRoll pact is the latest in a string of settlements involving similar allegations against other companies, including Google Inc. and online advertising company PulsePoint Inc.

Although the settlement would not provide any monetary relief, it would require PointRoll to expire or delete all of its third-party cookies that exist in Safari browsers. Moving forward, PointRoll could only set new third-party cookies on a Safari browser if had complied with the browser's cookie settings.

The settlement agreement, filed on behalf of a proposed class of consumers, remains subject to the court's approval.

Earlier Google, PulsePoint Settlements.

When a consumer using a Safari or Microsoft Internet Explorer browser visited a website that used third-party tracking cookies from defendants Google, PointRoll, Vibrant Media Inc. or Media Innovation Group LLC/WPP Plc, those tracking cookies circumvented the consumer's browser settings that blocked such cookies, according to a consolidated amended complaint filed in December 2012.

The defendants used cookies without consumers' consent to secretly intercept their Internet communications and activities, the complaint alleged. In addition to several common law claims, the complaint alleged that the defendants violated the Electronic Communications Privacy Act, the Stored Communications Act, the Computer Fraud and Abuse Act and several California computer crime and consumer protection statutes.

Google agreed to pay a $22.5 million civil penalty to settle similar Federal Trade Commission claims . The U.S. District Court for the Northern District of California approved that settlement in November 2012 .

In July, PulsePoint agreed to pay $1 million to settle similar claims by the New Jersey Division of Consumer Affairs .

The parties in the present case jointly requested an immediate stay of proceedings in July after first announcing the PointRoll settlement.

Settlement Terms.

PointRoll agreed to settle the claims “without admitting or conceding any liability or damages whatsoever,” the agreement said.

The company did not seek to profile specific users or conduct behavioral advertising with the cookie campaign, used the cookie technique for only two months and received no more than $25,000 in gross revenues from the campaign, according to the agreement.

The settlement pact would allow the plaintiffs to request an award of $115,000 attorneys' fees and expenses and up to $500 incentive awards for each of the four named plaintiffs.

In addition to the deletion of cookies, the settlement would require PointRoll to:

• maintain a “Remove All Cookies” feature on its home page and privacy notice;

• make the “AdChoices Icon,” an icon that signifies adherence to the Digital Advertising Alliance online behavioral advertising program, or a similar icon available to advertiser clients;

• maintain the privacy protections that are set out in its privacy notice;

• amend its online privacy notice to state that the company “will not set cookies on user devices in contravention of a user's browser cookie settings”;

• remain a member of the Network Advertising Initiative;

• disclose cookie practices in its website privacy notice;

• provide its online privacy notices to advertisement publishers before entering into a new contract or agreement with them; and

• allow the plaintiffs and class counsel the opportunity to interview its employees about the cookie technique.

Most of these terms would apply for two years following the court's approval of the settlement.

Attorneys from Keefe Bartels LLC, in Red Bank, N.J.; Strange & Carpenter, in Los Angeles; and Bartimus, Frickleton, Robertson & Gorny PC, in Leawood, Kan., served as members of the executive committee on behalf of the plaintiffs. Attorneys from Finger & Slanina LLC, in Wilmington, Del., served as liaison counsel for the plaintiffs. Attorneys from Sidley Austin LLP, in San Francisco and Washington, and Fish & Richardson PC, in Wilmington, Del., represented PointRoll. Edward R. McNicholas, a partner with Sidley Austin in Washington, is on the advisory board for the Privacy & Security Law Report.

Full text of the proposed settlement agreement is available at http://op.bna.com/pl.nsf/r?Open=kjon-9bvpfy .

Full text of the amended complaint is available at http://www.bloomberglaw.com/public/document/In_Re_Google_Inc_Cookie_Placement_Consumer_Privacy_Litigation_Doc/3.

Full text of the motion for preliminary approval of the settlement is available at http://www.bloomberglaw.com/public/document/In_Re_Google_Inc_Cookie_Placement_Consumer_Privacy_Litigation_Doc/2.

Request Bloomberg Law Privacy and Data Security