Home > Security > Privacy

Computerworld - While the plaintiffs in a class-action privacy suit against DoubleClick Inc. praised yesterday's settlement, at least one privacy advocacy group isn't happy.
Thirteen separate suits had been filed against the New York-based Internet advertising company charging that it invaded users' privacy and misrepresented itself. The suits were later consolidated into a single federal suit, which was settled in March (see story). A final settlement was approved yesterday by Judge Naomi Reice Buchwald.
Among the terms of the deal, DoubleClick is required to create an easy-to-read privacy policy.
But the Washington-based Electronic Privacy Information Center (EPIC) criticized the settlement.
"We were disappointed that the court did not consider the public's interest or the class members' interest," said Megan Grey, EPIC's senior counsel. "This was not a fair and adequate resolution for the individual class members. The attorneys got paid, and that is about all that happened here."
Ira Rothken, one of four plaintiffs' attorneys who argued the case against DoubleClick in the U.S. District Court for the Southern District of New York, disputed that interpretation of the settlement.
"That is wrong," Rothken said. "The thing that is interesting is EPIC came into the hearing with various remedies that they were recommending, but they were not able to point to a single federal law that would allow those remedies to be included in the settlement."
DoubleClick has maintained it did nothing wrong. Attempts to contact DoubleClick were unsuccessful. Messages were left on the company's voice mail and e-mail systems.
Rothken said he supports EPIC's efforts to have Congress pass laws regarding Internet privacy, but he added that when arguing a case in court, he and the other attorneys must work within the confines of existing laws.
Although he would like to see tougher federal standards, Rothken said, the settlement has teeth and would make a difference.
Included in the terms of the settlement are rules that compel DoubleClick to do the following:

• Create a privacy policy that is easy to read, outlines the company's use of cookies and pixel tags, and explains its online ad servicing service.


• Launch 300 million banner ads on sites across the Internet that explain how consumers can protect their privacy, opt out of having a DoubleClick ad server cookie placed on their computers and how cookies are used and data is collected.


• Purge various user information that the company has collected on consumers on a regular basis, and


• Hire an accounting firm to audit its compliance with the terms.

In addition, Rothken said, DoubleClick was ordered to pay $1.8 million in attorneys' fees.
But Grey said the court should have gone further. "The court should have held DoubleClick's feet to the fire," Grey said.
She added that she would have liked to see the courts move even further in protecting the privacy of Internet users. Rothken repeated his assertion that the attorneys had to work within the framework of existing law but praised EPIC's attempts to get stricter laws passed.
"The legal tools that we had to work with do not necessarily bring about the best possible results for society, and that is where the disconnect" between the plaintiffs and EPIC was, Rothken said.

Read more about Privacy in Computerworld's Privacy Topic Center.