The Federal Trade Commission settled with Chitika, an online advertising company, over charges that the company recommenced the practice of following Internet users just 10 days after they had opted out of online tracking.
But the FTC alleged for an almost two-year period, the opt out lasted only 10 days. Under the terms of the proposed settlement, Chitika is barred from making any misleading statements about its data collection and the ability of consumers to control the collection. In addition, the company must include a hyperlink in every targeted ad that includes a clear opt out mechanism for consumers, with the ability to opt out for at least five years.
Chitika also agreed to destroy all identifiable user information during the relevant time period, from May 2008 to February 2010, and inform consumers who tried to opt out during that period that their efforts were not effective.
In a statement, the company said its opt outs were intended to last for 10 years, but due to an error in the process, they were mistakenly limited to 10 days. During the relevant time period, Chitika said it received only 30 opt out requests per month.
“Chitika believes very strongly in Internet users’ privacy,” the company said in its statement.
To read the consent order in In re Chitika, click here.
Why it matters: As reported by Mediapost.com, Maneesha Mithal, the FTC Director of the Division of Privacy and Identity Protection, recently remarked that the FTC’s case against Chitika and a recent settlement with Twitter are examples of how the agency might address future privacy enforcement. In the Twitter action, the company came under scrutiny for failing to keep users’ information secure. The Chitika case demonstrates that companies which fail to live up to their privacy policies will also be a target of FTC action.