Daily Research News Online no. 12796 - Firms Pay $2.4m to Settle Flash Cookie Privacy Suits

Firms Pay $2.4m to Settle Flash Cookie Privacy Suits

December 7 2010

Web metrics company Quantcast and software firm Clearspring have agreed to pay $2.4 million to settle class-action lawsuits claiming they used Flash cookies to track web users without their permission. Separately, online privacy faces a new threat, 'history sniffing'.

The preliminary Flash cookie settlement, which still requires approval by the Los Angeles court, would see the two firms paying the money into a fund to support non-profit organisations with a remit to educate consumers about online privacy.

The lawyers who brought the case will take up to 25% of the amount in fees, while the individuals who filed suit will receive $1,500 each.

Clearspring says it never collected or stored 'personally identifiable information' and that it settled the case to avoid long and costly litigation, while Quantcast reported last summer that it had moved away from using Flash cookies.

A separate lawsuit, against Specific Media and also in LA, remains pending.

Flash cookies and their potential for tracking users became big news only in the summer of 2009 when researchers at UC Berkeley probed their use on video site Hulu and others. This August, an article in the Wall Street Journal sparked an enquiry led by two senior US politicians and directed at leading online firms including AOL, Yahoo!, MySpace and MSN. The same month, Clearspring's lawsuit was announced. Trade association the IAB has since warned its members they should not use technology that 'respawns' cookies after consumers have deleted them, calling it unacceptable and probably illegal.

Another tracking approach that apparently circumvents users' deletion of cookies and poses a threat to online privacy has also emerged in the last few weeks. Known as 'history sniffing', the technique makes use of Java programs in site code to discover which sites visitors have seen, using the fact that browsers display recently viewed URLs in a different colour to those not visited. FTC consumer protection chief David Vladeck has condemned the practice and two California residents have already launched an action against a Dutch site, which was one of 46 history-sniffing sites listed in a recent paper by researchers at the University of California in San Diego. Experts suggest the case may struggle because the federal computer fraud statute requires plaintiffs to prove they suffered at least $5,000 worth of damage as a result of such intrusions.