The State of New Jersey
Department of Law & Public Safety
Division of Consumer Affairs
Press Release – 7/25/13
- The New Jersey Division of Consumer Affairs (the “Division”), brought an action against PulsePoint, an online advertising company, for allegedly using hidden code to circumvent the privacy settings of consumers’ web browsers without providing notice or obtaining consent.
- According to the Division, PulsePoint contracts with web publishers to sell advertising space on their websites. It also contracts with advertisers to place ads on the publishers’ web sites.
- The Division alleges that PulsePoint began bypassing consumer privacy settings in June 2009. In effect, the company placed unauthorized “cookies” on the Safari web browsers of consumers’ computers.
- It is alleged that these unauthorized cookies may have enabled third-party advertisers to target consumers with ads based on their online behavior.
- The parties agreed to a $1 million settlement, including a $566,200 civil penalty, $33,800 to reimburse the State’s attorneys’ fees and investigative costs, and a payment of $150,000 for the Attorney General to spend on privacy protection programs.
- The balance of $250,000 will be used for PulsePoint to provide in-kind advertising services to the Division in connection with its mission of protecting the public from fraud, among other things.
- The settlement requires PulsePoint to provide detailed information on its website about the types of information it collects about consumers and how it is used.
- PulsePoint is also required to protect the privacy and confidentiality of consumer information that it obtains by instituting a myriad of privacy controls and procedures.
- The company has agreed to hire an independent third party to provide regular privacy assessment reports to the Division.
- The Division of Consumer Affairs characterized PulsePoint’s actions as “circumvent[ing] privacy settings designed to protect consumers.”
- This kind of behavior is unacceptable to, and will be aggressively pursued by, regulatory agencies.
- Companies must ensure that their data collection policies and practices comply with all applicable state and federal privacy laws, rules and regulations.