DoubleClick Settlement May Affect Corporate IT Policies

Computerworld - Washington

In January 2000, DoubleClick Inc.'s stock was soaring, reaching about $135 per share. But then came the lawsuits with allegations that the online advertising firm planned to merge information about people's Web-browsing activities with personal identifiers. Six months later, even before the dot-com bubble burst, DoubleClick's share price had tumbled to the mid-$30s.

DoubleClick put that plunge behind it late last month when it settled the lawsuits. But other firms may face similar problems if DoubleClick's $1.8 million settlement is seen as an incentive for more privacy lawsuits.

The settlement may also influence corporate information practices, privacy experts said last week. The terms of the agreement, which include automatic cookie expiration after five years and an independent audit of DoubleClick's privacy practices, are possible corporate benchmarks. The settlement has "the potential for being a foundation on which other businesses might change their practices," said Brian Smith, an e-commerce privacy expert at the law firm Mayer, Brown & Platt in Washington.

Privacy litigation is a relatively new area, and there have been few law-shaping cases or enforcement actions by the U.S. Federal Trade Commission. But key decisions are emerging. In January, for instance, the FTC settled a case against Indianapolis-based Eli Lilly and Co. over the company's inadvertent release of customer e-mail addresses. The FTC settlement stipulated specific information security practices for the drug maker.

Industrywide Impact

These cases "are very influential, very important," said William Paukovitz, chief privacy officer and assistant vice president at Fireman's Fund Insurance Co. in Novato, Calif. Privacy litigation tests the "true meaning" of the law, Paukovitz said, adding, "I try to keep my eye on what's going on in all of [the cases]."

While DoubleClick's settlement may encourage more litigation, it also illustrates the difficulties inherent in such a privacy action. U.S. District Judge Naomi Reice Buchwald rejected the federal case in New York against DoubleClick, which was also filed in several state courts, in part because U.S. wiretapping and fraud laws cited didn't apply to new technologies, such as cookies.

"Existing laws were not necessarily enacted to deal with the Internet and Internet commerce," said Carlyn Clause, a privacy expert at Fenwick & West LLP in San Francisco.

Denise Garcia, an analyst at Stamford, Conn.-based Gartner Inc., attributes DoubleClick's stock plummet in 2000 to its privacy problems. But she said she sees the settlement, with its requirements for consumer choice and a public information campaign, as having an industrywide impact.

"Most [Web] sites will be inspired or be pressured by their audience to tell them what their privacy policy is. At this point, users really aren't aware of how they are being tracked," she said.