So-called “Flash cookies” got some headlines in the online privacy world last year, after some prominent researchers noted that they were sometimes being used to track users-even users who took steps to protect their privacy, like clearing their regular (HTTP) cookies. Flash cookies were mentioned by the FTC as a problem, and a few class-action lawsuits were filed against companies that used Flash cookies for targeted advertising. Now that litigation has been resolved, after a judge approved a final settlement under which Quantcast and Clearspring will pay $2.4 million.
The settlement was first announced in December, but only got final approval from the judge overseeing the case on Monday. Attorneys involved in the case said there were no objectors to the settlement and U.S. District Judge George H. Wu approved the settlement after a short hearing.
Most of the money will go to universities and research groups working on online privacy issues, but just over $550,000 will be paid to the plaintiffs’ attorneys in fees and expenses, according to those lawyers. The arrangement of making payments to non-profits and universities in lieu of paying affected consumers directly has been used to settle other digital privacy lawsuits, including suits against Facebook’s Beacon program and *Google* Buzz. That’s because the classes in online privacy suits can be enormous. In this case, the class would have consisted of a huge chunk of the more than 200 million U.S. internet users.
Going forward, it will be interesting to see what happens if privacy-oriented groups and universities continue to receive large awards from privacy lawsuits. If this trend continues, it could give those groups a vested interest in seeing such litigation continue.
In addition to Quantcast and Clearspring, the lawsuits named several large media companies that use Quantcast technology to serve ads. Those defendants included ABC (NYSE: DIS), ESPN, Hulu, JibJab Media, MTV Networks (NYSE: VIA), NBC Universal (NSDQ: CMCSA), and Scribd. However, settlement documents seem to indicate that Quantcast and Clearspring alone will pay for the settlement fund.
In separate lawsuits, which were ultimately consolidated, Quantcast and Clearspring was accused of using information in Flash cookies to “re-spawn” HTTP cookies to allow the companies to identify users and target advertising to them, even if the users had cleared their regular HTTP cookies. That’s considered a poor practice by many privacy advocates, since it’s a fair presumption that many users who clear their cookies do so to protect their privacy and do not wish to be re-identified by advertisers. However, it’s not clear that this practice is illegal, and neither Quantcast nor the other defendants have admitted as such in this settlement. Quantcast stopped the practice of re-spawning shortly after it was alerted that it was happening.
While the number of lawsuits being filed over privacy issues has greatly increased in the last year, it’s not known if these lawsuits would really be successful if they went to trial. The laws that defendant companies are said to be breaking are usually pre-internet era laws that outlaw things like wiretapping. In the Quantcast case, the defendants’ use of Flash cookies was alleged to be breaking both California and federal privacy laws.
Adobe (NSDQ: ADBE), the creator of Flash Player, calls Flash cookies Local Storage Objects or LSOs. The company has emphasized that using LSOs to track users is a misuse of its technology. LSOs have many other uses, such as determining whether a particular user is logged in, or whether she has seen a particular ad before, or measuring progress in a game that uses Flash technology.
» Original class action complaint against Quantcast and co-defendants [PDF]
» Proposed Final Order And Judgement [PDF]