Verizon Fined $1.35M in Supercookie Ad Tracking Case
The FCC levied the fine to punish Verizon for sending undeletable data supercookies to more than 100 million customers from 2012 until 2014.Verizon has been fined $1.35 million by the Federal Communications Commission for using special data headers, or "supercookies," to target ads to millions of its mobile customers from 2012 to 2014. The fine, which was announced by the FCC on March 7, resulted from an investigation the agency conducted into the practice after critics complained about the practice about three years ago. The unique identifier headers (UIDHs), or supercookies, were inserted into the mobile Internet traffic of Verizon customers without their knowledge or consent to deliver targeted ads from Verizon and third parties, according to the FCC. Under the settlement with the agency, Verizon has agreed to notify consumers about its targeted advertising programs and will obtain opt-in consent from its customers before sharing UIDHs with third parties or within Verizon, the settlement states. "Consumers care about privacy and should have a say in how their personal information is used, especially when it comes to who knows what they're doing online," FCC Enforcement Bureau Chief Travis LeBlanc said in a statement. "Privacy and innovation are not incompatible. This agreement shows that companies can offer meaningful transparency and consumer choice while at the same time continuing to innovate. We would like to acknowledge Verizon Wireless's cooperation during the course of this investigation and its willingness to make changes to its practices for the benefit of its customers."
In addition to paying a $1.35 million fine, Verizon must also create and meet a three-year compliance plan to prevent similar practices, the agency stated.
Section 222 of the Communications Act requires mobile carriers to protect their customers' proprietary information and use such information only for authorized purposes.Verizon's unique identifying headers had been inserted into the mobile data transmissions of customers as part of the company's Relevant Mobile Advertising program. The intent of the ad program, according to Verizon, was not to intrude on privacy but to customize ads to users based on what they searched for online using their mobile devices. The codes and the information collected from customers did not identify customers, according to Verizon. Critics, however, insisted that the UIDH codes could allow Web servers to build profiles of users through their mobile devices. Verizon had been using the UIDH data, which is dynamic and changes often on users' devices, since late 2012. In November 2014, AT&T dropped its own similar experiment with phone-tracking tags that gave users unique identifiers, even if the users had opted out of mobile ad-tracking services, according to a previous eWEEK report. That controversial tracking program had also been criticized by privacy advocates, who argued that tracking user information even if users opted out of the tracking was not fair. The AT&T testing was built around a numeric code that changed every 24 hours on mobile devices and was used to help serve ads on an anonymous basis, similar to a cookie in online advertising. The testing was completed by AT&T at the time and was removed from the company's mobile network, according to the report. The tracking tags, which were also known as "perma-cookies," had allowed Internet sites to track a specific mobile phone and create a database of information about what the user of the phone was doing, such as looking for sports scores or searching for restaurants or shops.