Recent class action lawsuits have claimed that "Flash cookies" and "HTML5 cookies"—two previously little-known practices by which Internet advertisers and websites can bypass the usual "cookie" folder on users' computers and mobile devices-violate privacy laws. Broadcasters should determine whether their websites use these technologies. It might also be a good idea to conduct a thorough review of their sites to make sure that they are not unwittingly violating privacy laws.
Flash cookies are called "Local Shared Objects" (LSOs) and normally are used by Adobe's Flash Player to display content, such as YouTube videos. Unlike regular browser cookies, LSOs are not deleted when a user clears out his browser's cookie folder; deletion requires accessing the Adobe website. Perhaps for this reason, some advertising networks have started to use Flash cookies as a permanent "tracking" cookie for the purpose of targeted advertising. Some Flash cookies even have the ability to "respawn" browser cookies that the user has deleted.
Another similar client-side storage that does not rely on traditional browser cookies involves HTML5 technology, currently supported by some mobile devices, including the iPhone. Like Flash cookies, HTML5 cookies are not stored in a browser "cookies" file, and can be used to track users across websites.
Recent class action lawsuits have charged that the use of Flash and HTML5 cookies violates the privacy of computer users. One of the major claims is that the technologies are not disclosed to users, are deceptive, and in operation create persistent (and difficult to delete) tracking cookies that effectively override a user's efforts not to be tracked online, and thus invade users' privacy. The lawsuits allege violations of, among others, the federal Computer Fraud and Abuse Act and the California Computer Crime Law, and the California Invasion of Privacy Act. While this is a developing area of the law, broadcasters should be aware of these issues as they update and review their website policies