Track afield: What the FTC's Google case means for your company

After two weeks of talk about track, the trending topic is tracking, including the FTC’s $22.5 million settlement with Google for violating an earlier order.  Google told users of the Safari browser it wouldn’t place tracking cookies or serve them targeted ads, but the FTC charged that the company’s tracking practices went far afield of its claims.  Of course, the terms of that settlement apply just to Google, but there’s a lot savvy executives can take from the case and other recent FTC actions that touch on tracking.

It’s a decathlon, not a dash.  By now, most companies have (we hope) gotten the message that what they say in their privacy policies has to line up with their day-to-day operations.  But chances are you’re conveying claims not just in your privacy policy, but also where you talk about choice mechanisms, opt-outs, and other ways users can customize their experience.  The FTC’s complaint against Google cites — among other things — alleged misrepresentations on the company’s Advertising Cookie Opt-Out Plug-in page.  The message for businesses?  Like decathletes, prudent companies excel across the board.  They know where they make privacy promises, maintain an inventory of the cookies they use, and don’t launch new ones without thinking through the implications.

Members only.  No, not the sporty jackets from the 80s.  We’re talking here about what’s conveyed when companies highlight their affiliation with self-regulatory programs.  To join the Network Advertising Initiative (NAI), a voluntary self-regulatory group for the online ad industry, companies agree to disclose their data collection and use practices.  Although Google touted its NAI membership, the FTC says the company didn’t truthfully disclose what it was doing with Safari users’ data.  Therefore, the FTC charged that Google misrepresented the extent to which it honored NAI’s Code.  Membership in self-regulatory programs is your call, but once you advertise your adherence to an industry code, live up to its terms.

Ill-advised disguise.  Marathoners dream of entering the stadium first and running that last stretch in front of a cheering crowd.  But remember American Frank Shorter in the ‘72 Olympics?  He led the pack into the arena, but didn’t know someone had donned a uniform, hidden under the bleachers, and taken a victory lap before officials figured out the ruse.  Of course, the circumstances are different, but our point relates to the FTC’s allegation that Google used code to disguise its cookie to work around Safari’s opt-out default setting.  The take-away for careful companies is that sidestepping users’ preferences can lead to costly legal missteps.

Relay race.  Many recent FTC privacy cases suggest a disconnect between what companies say they’re doing and what’s actually happening behind the scenes.  How do businesses overcome that hurdle?  Coaches love to quote the Lombardi-esque chestnut, "There is no I in T-E-A-M."  But if you’re talking about your company’s data management team, there should be an I-T.  Your information technology staff needs to run a strong lead-off with smooth baton passes to your marketing execs and legal advisors.  But victory depends on a solid anchor leg from top management committed to crossing the finish line in front.

(We'll stop with the sports metaphors for now.)

 

0 Comments

| Comment Policy

Leave A Comment

Don't use this blog to report fraud or deceptive practices. To file a complaint with the Federal Trade Commission, please use the FTC Complaint Assistant.

PRIVACY ACT STATEMENT: It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act and the Federal Information Security Management Act authorize this information collection for purposes of managing online comments. Comments and user names are part of our public records system, and user names are also part of our computer user records system. We may routinely use these records as described in our Privacy Act system notices. For more information on how we handle information that we collect, please read our privacy policy.