Do you know whether and how your websites use “cookies” or other technologies to collect information from users and/or target advertising?  Do you know what information is being collected and how it is being used?  The Federal Trade Commission has endorsed an online “Do Not Track” mechanism, and recent inquiries, investigations, and lawsuits relating to the use of cookies and other technologies online have put the issue in the spotlight:

  • Sen. Jay Rockefeller, who introduced a “Do Not Track” bill earlier this year, plans to hold a hearing on Facebook’s use of cookies following a USA TODAY report.  Rockefeller sent letters to Visa and MasterCard last month about their information collection practices.
  • Reps. Ed Markey and Joe Barton, who introduced a “Do Not Track Kids Act” earlier this year, have also made inquiries to Facebook about its information collection practices.
  • The FTC is reportedly close to reaching a settlement with Facebook over allegedly deceptive privacy practices.
  • Earlier this month, the FTC entered into a consent agreement with the online advertiser ScanScout regarding claims that consumers could opt-out of targeted ads by changing their browser settings to remove or block cookies, when in fact it that was not possible with flash cookies.
  • Several private lawsuits were brought in 2010 and 2011 relating to the use of tracking technologies on websites, which alleged violations of various federal and state laws.

It may be some time before a comprehensive federal privacy law is adopted, but we can expect that the FTC will continue to exercise its authority over unfair and deceptive practices and plaintiffs will continue to pursue privacy-related lawsuits.  With this evolving landscape, it is important for a company’s review of its privacy policies and information collection practices to encompass not only personal information, but also information that has historically been deemed “non personal” in nature (e.g., pages viewed, referring websites, and the like).