DoubleClick Settlement May Affect Corporate IT Policies

New benchmarks for online privacy could emerge


In January 2000, DoubleClick Inc.'s stock was soaring, reaching about $135 per share. But then came the lawsuits with allegations that the online advertising firm planned to merge information about people's Web-browsing activities with personal identifiers. Six months later, even before the dot-com bubble burst, DoubleClick's share price had tumbled to the mid-$30s.

DoubleClick put that plunge behind it late last month when it settled the lawsuits. But other firms may face similar problems if DoubleClick's $1.8 million settlement is seen as an incentive for more privacy lawsuits.

The settlement may also influence corporate information practices, privacy experts said last week. The terms of the agreement, which include automatic cookie expiration after five years and an independent audit of DoubleClick's privacy practices, are possible corporate benchmarks. The settlement has "the potential for being a foundation on which other businesses might change their practices," said Brian Smith, an e-commerce privacy expert at the law firm Mayer, Brown & Platt in Washington.

Privacy litigation is a relatively new area, and there have been few law-shaping cases or enforcement actions by the U.S. Federal Trade Commission. But key decisions are emerging. In January, for instance, the FTC settled a case against Indianapolis-based Eli Lilly and Co. over the company's inadvertent release of customer e-mail addresses. The FTC settlement stipulated specific information security practices for the drug maker.

Industrywide Impact

These cases "are very influential, very important," said William Paukovitz, chief privacy officer and assistant vice president at Fireman's Fund Insurance Co. in Novato, Calif. Privacy litigation tests the "true meaning" of the law, Paukovitz said, adding, "I try to keep my eye on what's going on in all of [the cases]."

While DoubleClick's settlement may encourage more litigation, it also illustrates the difficulties inherent in such a privacy action. U.S. District Judge Naomi Reice Buchwald rejected the federal case in New York against DoubleClick, which was also filed in several state courts, in part because U.S. wiretapping and fraud laws cited didn't apply to new technologies, such as cookies.

"Existing laws were not necessarily enacted to deal with the Internet and Internet commerce," said Carlyn Clause, a privacy expert at Fenwick & West LLP in San Francisco.

Denise Garcia, an analyst at Stamford, Conn.-based Gartner Inc., attributes DoubleClick's stock plummet in 2000 to its privacy problems. But she said she sees the settlement, with its requirements for consumer choice and a public information campaign, as having an industrywide impact.

"Most [Web] sites will be inspired or be pressured by their audience to tell them what their privacy policy is. At this point, users really aren't aware of how they are being tracked," she said.


Why It Matters

DoubleClick’s pending privacy settlement will get corporate attention as a possible best practice. A court hearing to finalize the settlement is set for next month.

Cookies expire after five years; an independent audit of privacy practices is required.

The settlement requires DoubleClick to conduct a privacy information education campaign. With 300 million advertisement banners, consumer awareness of privacy will increase.

Trade groups want Congress to bar private lawsuits in privacy cases and leave enforcement to state and federal authorities. The DoubleClick settlement will be cited by privacy advocates as a good reason for allowing private action.

Copyright © 2002 IDG Communications, Inc.

Shop Tech Products at Amazon