Consumers have long expressed concerns about ways in which advertisers might spy on them to track their Internet buying habits and gather other personal information from them online. Now multiple class-action lawsuits—perhaps spurred by media coverage—are targeting Internet advertising firms and, in some cases, the companies whose sites host the ads. The increase in legal action has made it even more important for companies to pay attention to what they allow advertisers to do on their Web sites.

 

Protective measures that companies can take include reviewing and changing advertising contracts as well as considering stronger privacy policies.

 

“This is absolutely the issue that has captured many companies’ attention in terms of privacy-related litigation in the past 10 months,” says Dominique Shelton, a partner in the intellectual property department of Wildman Harrold’s Los Angeles office. More than 20 class action lawsuits related to Internet advertising have been filed since late last year, she notes. In many cases, plaintiffs have said that the targeted ads tracked their behavior without their consent. Plaintiffs have accused the companies of violating privacy and computer trespassing laws.

 

The firm Interclick was sued, along with Interclick’s clients including CBS, McDonalds, and Mazda. At least one other suit has targeted companies that make applications for mobile devices, citing third-party sharing violations.

 

Two cases targeting advertisers have been settled out of court, including one targeting Quantcast, last year, for $2.4 million. But the result of the outstanding suits remains uncertain, says Shelton.

 

Companies should be aware of what any third parties are doing on their sites, as well as review any advertising vendor agreements. Organizations should also ensure that proper indemnity and insurance provisions are in place, says Clint McCord, another Wildman partner.

 

Companies could consider a provision in a contract saying they do not authorize an ad firm to use flash cookies (which collect customer information) on the company’s behalf, says Todd Presnell, a partner at Miller & Martin, based in Memphis.

It can sometimes be hard to know whether advertisements contain tracking technology, such as flash cookies, according to Shelton. But companies should “ask the right questions of vendors and IT groups.”

 

Companies can benefit from creating a paper trail showing they have tried to address the issue with vendors, she says, and also that an effort has been made to follow best practices. Some of the pending suits charge companies with intentionality, she says, “so if you can show unintentionality that’s good.”

 

Companies need good privacy policies. “Policies need to be clear,” Shelton states. There should be some notice of the policy on the Web page where ads are placed, she adds. A clear link could guide users to the main privacy policy, for example.

 

Organizations should also review guidance on behavioral advertising issued last December as part of a larger Federal Trade Commission (FTC) report, Shelton says.

 

The FTC report notes that privacy policies need to inform consumers what’s being tracked and how the information will be used.

 

In many of the outstanding cases, it has yet to be decided whether any wrongdoing has actually occurred, says Presnell. As cases get heard, the record will help other companies to better craft policies to avoid future liability. Meanwhile, companies should be on notice that this is an area fraught with potential pitfalls.