ScanScout acts as an intermediary between web publishers and advertisers. ScanScout purchases advertising space on websites and contracts with advertisers to place video advertisements on the sites. ScanScout uses information gathered from cookies on users’ computers to deliver advertisements targeted to the user’s interests (as predicted by the user’s browsing history).
According to the FTC’s complaint, between 2007 and 2009 ScanScout used flash local shared objects – more commonly described as “Flash cookies” – in addition to HTML cookies to track consumers. As we’ve previously discussed, the use of Flash cookies has created controversy because Flash cookies are stored in a different location on a user’s computer than HTML cookies and are not controlled by certain web browser software – which means that they cannot be blocked or deleted by standard privacy controls within that software. (Some of these concerns have been alleviated by the latest version of Adobe Flash, which works with the latest versions of Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer to allow users to control or delete Flash cookies through the browser’s privacy settings.)
The proposed settlement includes a consent order prohibiting ScanScout from misrepresenting (A) the extent to which data about users or their online activities is collected, used, disclosed, or shared; or (B) the extent to which users may control the collection, use, disclosure, or sharing of data collected from them.
The proposed settlement also requires ScanScout to implement a number of “clear and prominent” disclosures to consumers. First, ScanScout must place a hyperlinked notice on its homepage(s) stating “We collect information about your activities on certain websites to send you targeted ads. To opt out of our targeted advertisements click here.”
Second, the hyperlink must direct users to a mechanism by which users may prevent ScanScout from (a) collecting data that can be associated with a particular user; (b) redirecting users’ browsers to third parties that collect data (absent a click or other affirmative action by the user); and (c) associating any previously collected data with the user. The user’s choice must remain in effect for five years, but is subject to certain permissible uses (e.g., to implement the user’s choice to prevent the collection of data or to limit the number of times an advertisement is displayed).
Third, “within close proximity to the mechanism,” ScanScout must disclose: (1) that ScanScout collects information about user’s online behavior in order to deliver targeted advertising; (2) that if the user implements the mechanism, ScanScout will not collect this information for the purpose of delivering targeted advertising; (3) the user’s current status (e.g., “not opted out” or “opted out”); and (4) any action initiated by the user that would disable the mechanism (e.g., use of a different browser or deletion of cookies).
Finally, ScanScout must include “within or immediately adjacent to” any targeted advertisement a hyperlink that takes consumers directly to the mechanism. Although it may not be technically possible to include hyperlinks in every targeted advertisement ScanScout currently serves, ScanScout must “[u]ndertake reasonable efforts to develop or implement” such hyperlinks within any targeted video advertisements it serves, and must report regularly to the FTC regarding its efforts to do so.
The FTC voted 4-0 to approve the administrative complaint and proposed consent agreement. The FTC will publish a description of the consent agreement in the Federal Register, and it will be subject to public comments through December 8, 2011.