Doubleclick fails in California privacy challenge

Doubleclick has failed to get four California Internet privacy class actions dismissed. This means that it will have to fight the cases in court.

The class action plaintiffs say that Doubleclick should obtain permission first before "tracking, storing, and analyzing what families click on and read on the Internet".

Plaintiffs allege that "DoubleClick has secretly and in an unauthorized manner used "cookies", "Web bugs" and other means to secretly intercept and access computer users' personal data and Web browsing habits for its own commercial benefit".

By doing this, the company is infringing rights to privacy enshrined in the California constitution.

It gets even more grubby: Doubleclick violated provisions of California's Penal Code concerning illegal eavesdropping on communications; and unjustly enriched DoubleClick at Internet users' expense. The complaint also alleges that DoubleClick's practices are unlawful, fraudulent and unfair under California's state consumer protection act".

"What's worse," Seth R. Lesser, of Bernstein Litowitz Berger & Grossmann LLP, a co-lead counsel, claims in a statement "is that DoubleClick has been promoting itself as concerned about consumer privacy when, in fact, the very nature of its business is to secretly monitor and profile Internet users' habits by tagging the with a unique identifier as they surf the Internet. Most Internet users have no idea this is occurring since DoubleClick's presence on thousands of websites is rarely disclosed".

Watching the Detectives

In January, Doubleclick received a clean bill of privacy health from the FTC.

In March the company won a federal case in New York (which is subject to appeal). But it looks like it could be facing a blizzard of class actions across various states. It goes to show that whereas in Europe we have regulation, the US has litigation.

Europe has tougher data protection and privacy laws than the US. And Doubleclick obeys these data protection and privacy laws. This means that any attempt to construct a class action against the company in, say, the UK, would fail. This does not make the American way better - or worse. Only that the courts have a much bigger say in determining public policy than here.

It will be interesting to see how Doubleclick fares - it is certainly facing an uphill struggle in the Court of Public Opinion.

The depth of feeling (i.e. hatred) that Doubleclick arouses astonishes us. Why doesn't Engage or Ad Juggler or other cookie-inserting ad servers arouse the same amount of fury?

The answer to this lies partly in sheer size: people don't like underdogs and Doubleclick is by far the biggest ad-serving company. Also it is, through acquisition, the world's biggest email marketing company.

But the catalyst for much of this controversy lies in
Doubleclick's clumsy plan last year to aggregate information from multiple online and offline sources. The technology and the data is there for Doubleclick to associate cookie information garnered from anonymous surfers with personally identifiable information gathered from offline sources, such as credit information. The company backed down in March 2000 before a storm of protest (Story: DoubleClick throws in the towel on profiling).

Doubleclick doesn't do profiling. But so many people still hate it. We don't.

To cap it all

As many of you know already - you're IT-savvy readers after all - we use Doubleclick DART ad serving technology, and have done so for more than two years.

It's no secret: our main customers are the London media agencies and they want third party ad servers. In practice they want DART or Engage - they're comfortable with the integrity of the reports and they understand the format.

We plumped for DART as its pay as you go pricing model suits a small company such as ours (although we're approaching the kind of size where buying Engage begins to look attractive).

Our advertisers want us to do the following things:

• frequency cap - limit the number of times an ad is seen
• 
  
• geotarget - 95 per cent of our ads are served only to UK
• 
  
• Reporting - a trusted mechanism to confirm the numbers of ads served.

In addition, we gain an accurate idea of how many readers we have for our various sections, and what countries they come from. We do not know who you are - and DART cannot tell us who you are.

Advertisers would like us to do some other things - such as serve ads only to computer dealers. DART cannot do this. We do not know who you are. Perhaps we should.

Clearly there is a commercial imperative for publishing companies to know more about their readers. The more they know, and the more they can prove they know, the easier it is to make money from advertisers.

(Why do you think the online IT pub world has gone free email newsletter-crazy? This is soft-soap opt-in permission-based demographic-generating marketing.)

If Doubleclick is found to infringe privacy rights in the States by failing to get permission to insert cookies on PCs, many more sites will insist upon registration as the price of entry.

If you want to avoid signing in each time, or want some degree of personalisation, you will have to accept a cookie on your PC. Is that really so difficult? ®

Here's our privacy statement.

Related stories

IE6 will not monster our cookies, says Doubleclick
WinXP IE6 spells death for Doubleclick - and a boost for MSN?