DoubleClick and the Costs of Privacy

What is the cost of violating someone’s privacy today? That is an interesting question to ask the folks at DoubleClick, the company that serves targeted ads to zillions of Web sites.

DoubleClick has become – and here I will quote directly from a story in The Washington Post – “one of the most vilified companies in the online world.” DoubleClick is the central focus of all that is wrong about privacy on the Internet. I’ll get to more about DoubleClick later on.

The Internet has changed the world in many ways, and the world is in the process of doing the same thing to the Internet. How? Lawsuits. State attorneys general have discovered that the Internet and privacy make for good lawsuits and great press. The trial lawyers have joined in as well. Bringing up the rear in the litigation parade is the Federal Trade Commission. Don’t worry too much about the FTC since it only administers slaps on the wrist to companies caught in flagrante delicto. Worry about the trial lawyers who bring more cases than the FTC.

One of the early cases was brought by the Minnesota attorney general against U.S. Bancorp, Minneapolis. In a lawsuit last June, the bank was charged with selling confidential customer information to a telemarketing company. The bank denied all allegations, but it settled the lawsuit, paid a hefty fine and agreed to stop the practice. Bad publicity was a factor in the speedy settlement.

A more recent and similar action took place in New York against Chase Manhattan Corp. Chase also got caught with its hand in the telemarketing cookie jar, and it entered into a consent decree with the New York state attorney general. All the details were not revealed, but the facts must have been embarrassing. The cost of a pre-emptive settlement and diminished publicity was a limitation on disclosure of customer data that was more stringent than the recently passed bank restructuring law. Chase learned something from the U.S. Bancorp experience and kept the public bleeding to a minimum.

Now that the state attorneys general have shown the way, the trial lawyers are pursuing the banks. The settlement did not keep U.S. Bancorp from being sued in a class-action suit. California banks also are being sued for disclosing customer information to telemarketers. Suddenly, sharing customer records with marketers is not a healthy thing for a bank to do.

Trial lawyers seem to be going after everyone caught with a privacy problem. Remember the disclosure in early 1998 that some pharmacies were allowing patient records to be used for marketing? CVS was one of the pharmacies involved, and it is now the defendant in a class-action suit in Massachusetts. DoubleClick has been sued in a privacy class-action suit. So have Amazon and RealNetworks.

DoubleClick committed the deadly sin of promising privacy and then changing its policy. That is the equivalent of wearing a sign on your back that says, “Sue me.” DoubleClick created its own problems when it bought Abacus and began to exploit the vast Abacus database of identifiable records. Privacy advocate Jason Catlett of Junkbusters led a campaign against the DoubleClick-Abacus merger, saying it would lead to a violation of DoubleClick’s previous promise not to use identifiable records. DoubleClick denied it and completed the merger. Catlett was right after all. DoubleClick is now paying dearly for not listening to the privacy advocates.

DoubleClick had a press conference on Feb. 14 to announce a new spin on its privacy policy. Later that same week, however, word also came that there were investigations under way by the FTC, the Michigan state attorney general and the New York state attorney general. The company also disclosed that it might have to spend significant amounts on privacy matters. If it paid attention to privacy earlier, some of these problems could have been avoided.

So despite the company’s attempt to change its image on privacy, its stock dropped 15 percent following the disclosures. The timing was unfortunate because the company was planning a secondary stock offering. The offering of 7.5 million shares went ahead anyway, but the proceeds will be about $120 million less because of the bad privacy publicity.

The industry has been asking for self-regulation and market-based privacy policies. It appears that is just what is happening. Except that self-regulation is being enforced by your neighborhood state attorney general and, more ominously, by the trial lawyers. The threats of state and private legal actions are so scary that some in the industry are calling for federal legislation. Imagine that.

Fear of lawsuits may force DoubleClick to change how it will exploit the Abacus consumer database. That will be a hidden loss. Another loss will result if Web sites shy away from association with DoubleClick and look for another company to serve ads without the baggage that comes with “one of the most vilified companies in the online world.” In this current environment it wouldn’t take much for another company to take market share from DoubleClick.

Just to add to the mix, Wall Street is paying attention to privacy. While DoubleClick’s loss of $120 million may be chump change to the Internet crowd, it is enough money for mere mortals to sit up and take notice. It may now be cheaper to do something real about privacy rather than pay the price in the newspapers, in the courthouses and on Wall Street.

Related Posts