A.G. SCHNEIDERMAN ANNOUNCES $750,000 MULTISTATE SETTLEMENT WITH DIGITAL AD FIRM OVER VIOLATION OF INTERNET PRIVACY

Settlement Requires PointRoll To Implement New Policies To Protect Consumers’ Privacy On The Internet

Schneiderman: No One Should Have To Fear A Business Is Violating Their Privacy By Bypassing Personal Settings On Their Computers Or Mobile Devices

Attorney General Eric T. Schneiderman announced today that New York has entered into a $750,000 multistate settlement with digital advertising company PointRoll, Inc. The agreement resolves an investigation concerning whether the company violated consumers’ privacy by unlawfully circumventing the privacy settings in Apple Inc.’s Safari Web browsers.

“When it comes to the privacy of consumers on the Internet, every company is expected to play by the same set of rules: No one should have to fear a business is violating their privacy by bypassing personal settings on their computers or mobile devices, » Attorney General Schneiderman said. “Today’s settlement with PointRoll should serve as a reminder that we will protect New Yorkers when they’re surfing the web, and we will not tolerate any abuses of consumers’ trust.”

PointRoll is a digital ad and technical services company owned by the Gannett Company. New York and five other states allege that PointRoll unlawfully deployed a browser circumvention technique that allowed it to place browser cookies on consumers’ Safari Web browsers despite privacy settings configured to block cookies from third-parties and advertisers between December 13, 2011 and February 15, 2012. Cookies are small files set in Internet users’ Web browsers that allow advertisers to gather information about those users including, depending on the type of cookie, their Web surfing habits.

In addition to the monetary terms, the settlement agreement also requires PointRoll to:

• Not take action to override an Internet browser’s cookie-blocking settings configured by user choice or by default.
• Not misrepresent or omit material facts concerning the purposes for which it collects and uses consumer information, or the extent to which consumers may exercise control over the collection, disclosure or use of such information.
• Provide, on any Web site owned or operated by PointRoll, a clearly and conspicuously displayed and titled section within PointRoll’s Privacy Policy that includes an explanation as to what cookies are and how they are used, the general purposes for which PointRoll uses information derived from cookies, etc.
• Implement a Privacy Program within six months that includes employee training on the importance of user privacy, as well as the duty of PointRoll employees to help maintain it. The Privacy Program is also to include annual internal assessments of the effectiveness of the Privacy Program’s controls, and updates to those controls when the internal assessments identify a need.
• Ensure that its servers are configured to instruct Safari Web browsers to expire any cookie placed by PointRoll using its browser circumvention technique, if those systems encounter such a cookie, for a period of two years.
• Cooperate with compliance monitoring by the participating states, including providing a written report that describes PointRoll’s compliance with the Privacy Program requirement, and allowing the inspection and copying of all records that may be required to verify compliance.

New York’s share of the settlement announced today is approximately $110,000. Connecticut, Florida, Maryland and Illinois also joined in the multi-state settlement, which was led by New Jersey.

New York was represented by Internet Deputy Bureau Chief Clark Russell. The Internet Bureau Chief is Kathleen McGee and the Executive Deputy Attorney General of Economic Justice is Karla G. Sanchez.