Acting Attorney General John J. Hoffman said that PointRoll — a digital ad and technical services company owned by the Gannett Corp. — “unlawfully deployed a browser circumvention technique that allowed it to place browser cookies on consumers’ Safari Web browsers despite privacy settings configured to block cookies from third-parties and advertisers or, alternatively, set to accept cookies from visited sites on Apple iPhones and iPads.
New Jersey’s share of the settlement is $200,000, Hoffman said.
“Today’s settlement with PointRoll should serve as a reminder that we will not tolerate conduct that involves circumventing browser privacy settings without the consumer’s knowledge or consent,” he said. “People have every right to surf the Web without fear that businesses are employing technical tricks to bypass their privacy settings.”
In addition to paying New Jersey, Connecticut, Florida, Illinois, Maryland and New York, Hoffman said PointRoll agreed in the settlement to:
· Not take action to override an Internet browser’s cookie-blocking settings configured by user choice or by default;
· Not misrepresent or omit material facts concerning the purposes for which it collects and uses consumer information, or the extent to which consumers may exercise control over the collection, disclosure or use of such information;
· Provide, on any Web site owned or operated by PointRoll, a clearly and conspicuously displayed and titled section within PointRoll’s Privacy Policy that includes an explanation to users of what cookies are and how they are used, the general purposes for which PointRoll uses information derived from cookies, etc.;
· Implement a Privacy Program within six months that includes employee training on the importance of user privacy, as well as the duty of PointRoll employees to help maintain it. The Privacy Program is also to include annual internal assessments of the effectiveness of the Privacy Program’s controls, and updates to those controls when the internal assessments identify a need;
· Ensure that its servers are configured to instruct Safari Web browsers to expire any cookie placed by PointRoll using its browser circumvention technique, if those systems encounter such a cookie, for a period of two years;
· Cooperate with compliance monitoring by the participating states, including providing a written report that describes PointRoll’s compliance with the Privacy Program requirement, and allowing the inspection and copying of all records that may be required to verify compliance;
Deputy Attorney General Glenn T. Graham, assigned to the Division of Law’s Consumer Fraud Prosecution section, and Deputy Attorneys General Elliott Siebers and Edward Mullins, assigned to the Government and Healthcare Fraud Section, handled the PointRoll matter for the state.
Click here to follow Daily Voice Garfield-Lodi and receive free news updates.