FTC Is Asked to Crack Down on ‘Supercookies’ as Data Privacy Violation

FTC Is Asked to Crack Down on ‘Supercookies’ as Data Privacy Violation

September 28, 2011

FTC Is Asked to Crack Down on ‘Supercookies’ as Data Privacy Violation

By: Nicole Kardell

The bastard stepchild of online behavioral advertising – the supercookie – is in the hot seat.

Two members of the House of Representatives sent a letter to the FTC on September 27 calling on the commission to look into the usage and impact of supercookies on consumers. Reps. Ed Markey (D-Mass.) and Joe Barton (R-Tex.), co-chairmen of the bipartisan privacy caucus in the House, sent the letter in response to an August 18 Wall Street Journal article. The article reported on use of supercookies by major online presences like MSN.com and Hulu.com. Rep. Barton raised concerns that the existence of supercookies “eats away at consumer choice and privacy.”

Like regular cookies, supercookies (aka “Flash cookies” and “zombie cookies”) are legal means to track a user’s online activity. But there are several differences that cause supercookies to pique the concerns of data privacy advocates. Unlike regular cookies, supercookies circumvent a user’s privacy settings and are hard to detect and remove. They are located in different files on the computer, like the Flash plug-in (hence the term “Flash cookies”), and cannot be found by browsers’ cookie detectors. tourism online . Moreover – and this is one of the big issues for data privacy people – supercookies can regenerate (“respawn”) user profiles after regular cookies are deleted.

After the Wall Street Journal article came out, Microsoft and other companies identified as using supercookies were quick to disavow them. Microsoft, which created the code, claimed it was “alarmed” when the supercookie was brought to its attention. Hulu said it “acted immediately to investigate and address” the issue. ask ira Other companies, like Flixter, also pleaded ignorance.

Shortly following the Barton-Markey letter, the Interactive Advertising Bureau, a trade group for online advertisers, sent a reminder to its members of their advertising code of conduct. The code, which requires online advertisers to give notice to consumers of their data tracking and collection, was largely an industry response to placate regulatory agencies and keep them from establishing the parameters of online behavioral advertising. The supercookie, though, may inspire a heavier regulatory presence. Representative Barton declared that supercookies should be outlawed and the “constant abuse of online activity must stop.”

We have been guessing that data privacy will be one of the focal points of the “Dot Com Disclosures,” the FTC’s soon-to-be-released updated online advertising guidelines. Public comment on what the revised guidelines should include was closed in August. But the congressmen’s letter to the FTC will likely have an impact.

Online advertisers may want to take a different strategy on consumer data tracking. Instead of coming up with new ways to circumvent privacy settings, why not be upfront about data tracking but make it less scary? Location services on smart phones have gained considerable consumer appeal, so users are voluntarily allowing the tracking of their physical location (arguably scarier than much online tracking). If advertisers can demonstrate to consumers that they are in fact getting a benefit and not getting abused by data tracking, then tracking opt-ins could work for both consumers and marketers.

Nicole Kardell

Nicole Kardell

Nicole is a certified privacy professional with expertise in European privacy law (CIPP/E), in particular the GDPR. She helps companies to navigate the changing face of privacy regulations and to keep their business practices and partnerships in compliance with the law both domestically and abroad.

Related Practice(s)

Subscribe to Ifrah Law’s Insights