The State of New Jersey 

Department of Law & Public Safety

Division of Consumer Affairs 

Press Release – 7/25/13

BACKGROUND:

  • The New Jersey Division of Consumer Affairs (the “Division”), brought an action against PulsePoint, an online advertising company, for allegedly using hidden code to circumvent the privacy settings of consumers’ web browsers without providing notice or obtaining consent.
  • According to the Division, PulsePoint contracts with web publishers to sell advertising space on their websites.  It also contracts with advertisers to place ads on the publishers’ web sites.
  • The Division alleges that PulsePoint began bypassing consumer privacy settings in June 2009.  In effect, the company placed unauthorized “cookies” on the Safari web browsers of consumers’ computers.
  • In order to accomplish this, the company used JavaScript code to make it seem to Safari that users clicked on ads when in fact they had not done so. As a result, the browser accepted cookies from those ads.
  • It is alleged that these unauthorized cookies may have enabled third-party advertisers to target consumers with ads based on their online behavior. 

SETTLEMENT:

  • The parties agreed to a $1 million settlement, including a $566,200 civil penalty, $33,800 to reimburse the State’s attorneys’ fees and investigative costs, and a payment of $150,000 for the Attorney General to spend on privacy protection programs.
  • The balance of $250,000 will be used for PulsePoint to provide in-kind advertising services to the Division in connection with its mission of protecting the public from fraud, among other things.
  • The settlement requires PulsePoint to provide detailed information on its website about the types of information it collects about consumers and how it is used. 
  • PulsePoint is also required to protect the privacy and confidentiality of consumer information that it obtains by instituting a myriad of privacy controls and procedures. 
  • The company has agreed to hire an independent third party to provide regular privacy assessment reports to the Division.

TAKE A​WAY:

  • The Division of Consumer Affairs characterized PulsePoint’s actions as “circumvent[ing] privacy settings designed to protect consumers.”
  • This kind of behavior is unacceptable to, and will be aggressively pursued by, regulatory agencies.
  • Companies must ensure that their data collection policies and practices comply with all applicable state and federal privacy laws, rules and regulations.