That settles it: Verizon Wireless has agreed to pay regulators a $1.35 million fine for failing to be transparent around its use of supercookies.
The Federal Communications (FCC) said Monday that it had reached a settlement with the telco following a probe that began in December 2014 after it was first revealed that Verizon was tracking users by injecting unique identifier headers into mobile traffic without obtaining the proper consent.
Outrage around the practice hit a fever pitch in January 2015 when privacy researcher and Stanford Ph.D. candidate Jonathan Mayer discovered that third parties could override – and were doing so – proactive opt-outs.
The demand-side platform Turn, for one, was found to be using the header to resurrect deleted tracking cookies or “zombie cookies,” as they became sardonically known.
Verizon took a lot of flack for its unkillable cookies and opaque opt out process. As Mayer, who was since hired as the FCC’s chief technologist, told AdExchanger at the time, “One of the reasons why the zombie cookie issue continues to look really bad for the industry is that it emphasizes a fundamental error in not letting people control tracking.”
As part of the settlement, Verizon has agreed to notify consumers about its targeted advertising programs and obtain what the FCC is calling “affirmative consent.”
In other words, Verizon will need consumers to opt in before it can share ID headers with third parties. When it comes to sharing internally between the various branches of the Verizon corporate family, users will be automatically opted in until they actively decide to opt out.
Speaking of the Verizon corporate family, an FCC spokesperson told AdExchanger as long as Verizon Wireless receives permission from its customers, it can share header information internally, and that includes its subsidiaries, namely AOL, which Verizon acquired in June for $4.4 billion. That purchase was a clear signal to the world of its ad tech aspirations, as was AOL’s acquisition of Millennial Media, which Verizon could use to compete for mobile ad dollars.
Although it’s arguable that the FCC’s scrutiny means Verizon will have to tread lightly when it comes to taking its bite out of the mobile ad pie, FCC Enforcement Bureau chief Travis LeBlanc put a sort of positive spin on the deal, noting in a statement that the “agreement shows that companies can offer meaningful transparency and consumer choice while at the same time continuing to innovate.”
That said, Verizon hasn’t always acted with alacrity when it comes to privacy. During its probe, the FCC found Verizon had started inserting headers into consumer Internet traffic as early as December 2012, although it didn’t disclose the practice until October 2014.
Verizon does seem to be learning, though. Following the hailstorm of bad press following the zombie cookie news in January 2015, Verizon quickly furnished its supercookie with a permanent kill switch.
“While the government works to establish boundaries in this new era of data collection, it’s the consumers that will increasingly expect and demand transparency,” said Manny Puentes, CTO of video SSP Altitude Digital. “After all, it’s their data and they want to know who has access to it and how it’s being used.”
Verizon’s official statement on the FCC deal echoes that sentiment: “Over the past year, we have made several changes to our advertising programs that have provided consumers with even more options. Today’s settlement with the FCC recognizes that. We will continue to give customers the information they need to decide what programs and services are right for them.”
In other FCC-related news, the commission is reportedly on the cusp of drafting privacy rules for broadband providers in March that will address the issues of data collection, notice and consent, among other things.
It’s a delicate subject.
As Jason Kint, CEO of publisher trade org Digital Context Next, noted in an open letter to FCC Chairman Tom Wheeler at the end of February: “Broadband providers are in a position to collect data about consumers across multiple, distinct contexts and connect them back to large reserves of very personal information, and not just about their own customer. … Transparency and meaningful tools for consumers to express choice will help improve consumer trust in the digital ecosystem.”
