FTC Settles with ScanScout over “Flash” Cookies

On November 8, 2011, the Federal Trade Commission reached a settlement with ScanScout, an online video ad network, that had been charged by the FTC with engaging in deceptive practices regarding ScanScout’s use of a type of tracking device called a “Flash” cookie. (A Flash cookie is a cookie that websites using Adobe’s Flash multimedia technology may store on a user’s computer.) According to the FTC complaint, ScanScout’s privacy policy instructed users that they could opt out of receiving targeted ads by modifying their browser settings to “prevent the receipt of cookies.” The FTC found this claim to be deceptive, because ScanScout in fact used Flash cookies, which are stored in a different place from ordinary cookies and cannot be removed merely by changing browser settings.

The settlement requires ScanScout to place a prominent notice on its website stating, “We collect information about your activities on certain websites to send you targeted ads. To opt out of our targeted advertisements, click here.” This link would take users to a mechanism allowing them to opt out of data collection resulting in targeting. The opt-out would last for at least five years unless changed by the user.

In announcing the settlement, the FTC also announced the release of a new article on online tracking, “Cookies: Leaving a Trail on the Web.”

This settlement indicates that the FTC is closely monitoring the use of tracking devices and, more significantly, what online advertisers are disclosing about their use of such devices and the choice users are actually able to exercise over how (or whether) they are used. Accordingly, privacy policies should be drafted to accurately and completely describe what users can (and cannot) do to control the use of tracking devices.