The attorneys representing the plaintiffs in class action privacy lawsuits against DoubleClick Inc. said they were pleased with the settlement proposal DoubleClick put forth Friday because it goes further than anything the company has done in the past in connection with its privacy policies.
“We are pleased that we accomplished the main goal of the litigation, namely to ensure that there is a strong set of protections in the event DoubleClick attempts to merge clickstream and personal information,” said Seth Lesser, Dennis Stewart, Bryan Clobes and Ira Rothken, the plaintiffs' lawyers, in a joint statement.
DoubleClick said it reached an agreement to settle three major federal and state class action privacy lawsuits filed against it. The company agreed to implement a number of privacy provisions in exchange for the dismissal of lawsuits pending in New York, California and Texas.
DoubleClick agreed to revise its privacy policy to include more easy-to-read explanations of its business. The company also will merge personally identifiable information with clickstream data only if consumers opt-in; it will institute a policy to routinely purge data collected online; its cookies will expire within five years and it will pay $1.8 million in lawyers fees. DoubleClick also agreed to let an independent auditor review its compliance twice a year.
DoubleClick also plans to serve 300 million banner ads that invite consumers to learn more about Internet privacy.
A hearing is set for May 21 to determine whether DoubleClick's settlement is agreeable to the court.
Jules Polenetsky, DoubleClick's chief privacy officer, said the agreement proposed by the company is one of the most aggressive privacy positions in the industry.
“The steps we are taking represent by far the most aggressive leadership position regarding privacy within our industry,” he said. “DoubleClick will continue to provide the same range of marketing solutions for our clients, buttressed by new and improved internal controls and protections to further safeguard consumer information.”
The litigation stems from DoubleClick's merger in November 1999 with Abacus Direct and its stated intention shortly thereafter to merge offline data with online data.
In February 2000, the Electronic Privacy Information Center, or EPIC, filed a complaint with the Federal Trade Commission alleging that DoubleClick's decision to personally identify its profiles constituted “unfair and deceptive” business practices.
“Not only did DoubleClick deceive consumers by claiming in multiple earlier privacy policies that information collected would remain anonymous, the company also unfairly collects and links information about Internet users without their knowledge or control,” EPIC said at that time.
DoubleClick later revealed it was being investigated by the FTC, separate from EPIC's complaint. In addition, it faced a number of class action lawsuits regarding its privacy policies.
In March 2000, DoubleClick's CEO Kevin O'Connor released a statement that the company “made a mistake by planning to merge names with anonymous user activity across Web sites in the absence of government and industry privacy standards.”
In January 2001, the FTC said it closed its investigation of DoubleClick's privacy practices because it did not find any evidence the company combined personally identifiable data with clickstream data.
