Attorney General Madigan Announces Settlement Over Allegations that Digital Advertising Firm Breached Internet Privacy

Attorneys General Allege PointRoll Inc. Circumvented Privacy Settings to Expose More Consumers to Internet Ads

Chicago —(ENEWSPF)—December 11, 2014. Attorney General Lisa Madigan today announced a $750,000 settlement with PointRoll Inc. resolving a multistate investigation over whether the company violated consumers’ privacy by unlawfully circumventing privacy settings in Apple’s Safari web browsers.

PointRoll is a digital advertising and technical services company owned by the Gannett Corp. Madigan and her counterparts from five other states alleged that PointRoll unlawfully deployed a browser circumvention technique that allowed it to place browser cookies on consumers’ Safari web browsers despite privacy settings configured to “block cookies from third-parties and advertisers” or alternatively set to “accept cookies” from “visited sites” (for Safari browsers on Apple iPhones and iPads) between December 13, 2011, and February 15, 2012. Cookies are small files set in internet users’ web browsers that allow advertisers to gather information about those users including, depending on the type of cookie, their web surfing habits.

“Consumers have a right to privacy online without fear that businesses are invading that privacy for profit,” Madigan said. “This settlement should be a warning to internet advertisers that a consumer’s privacy must be respected, and they must adequately notify users how to manage their level of privacy online.”

Also under the settlement, PointRoll must:

Never take action to override an internet browser’s cookie-blocking settings configured by user choice or by default.

Never misrepresent or omit material facts concerning the purposes for which it collects and uses consumer information, or the extent to which consumers may exercise control over the collection, disclosure or use of such information.

Provide, on any web site owned or operated by PointRoll, a clearly and conspicuously displayed and titled section within PointRoll’s Privacy Policy that includes an explanation to users of what cookies are, how they are used and the general purposes for which PointRoll uses information derived from cookies.

Implement a privacy program within six months that includes employee training on the importance of user privacy and the employees’ duty to help maintain it. The privacy program must include annual internal assessments of the effectiveness of the privacy program’s controls and updates to those controls when the internal assessments identify a need.

Ensure that its servers are configured to instruct Safari web browsers to expire any cookie placed by PointRoll using its browser circumvention technique, if those systems encounter such a cookie, for a period of two years.

Cooperate with compliance monitoring by the participating states, including providing a written report that describes PointRoll’s compliance with the privacy program requirement and allowing the inspection and copying of all records that may be required to verify compliance.

Joining Madigan in today’s agreement were attorneys general from the following states: Connecticut, Florida, Maryland, New Jersey and New York.

Assistant Attorney General Matthew Van Hise handled the case for Madigan’s Consumer Fraud Bureau.