Under a settlement announced today with the Federal Communications Commission (FCC), Verizon Wireless must pay a fine of $ 1.35 million and adopt a three-year plan for using so-called “supercookies” only with customer consent.
Verizon came under investigation by the FCC in late 2014, after it was discovered that the company was inserting unique identifier headers (UIDHs), otherwise known as supercookies, into customers’ mobile Internet traffic without their knowledge or consent. The supercookies enabled Verizon to track users’ online habits and deliver more targeted ads to them.
After its investigation, the FCC concluded that Verizon’s actions violated agency rules on Internet transparency and consumer information protection. The agency found that Verizon began inserting UIDHs into customers’ traffic as early as December 2012 but didn’t reveal the practice until October 2014. Verizon also didn’t update its privacy policy until March 2015 to disclose its use of supercookies and give customers a choice of opting out.
Privacy, Innovation ‘Not Incompatible’
“Consumers care about privacy and should have a say in how their personal information is used, especially when it comes to who knows what they’re doing online,” FCC Enforcement Bureau Chief Travis LeBlanc said in a statement announcing the settlement. “Privacy and innovation are not incompatible. This agreement shows that companies can offer meaningful transparency and consumer choice while at the same time continuing to innovate.”
Under the settlement reached with the FCC, Verizon must inform customers about its targeted advertising program and obtain their opt-in consent before sharing supercookie-generated information with third-party companies. It must also obtain an OK from customers before sharing any such information with parties within Verizon itself.
“Over the past year, we have made several changes to our advertising programs that have provided consumers with even more options,” Verizon spokesman Rich Young told us via e-mail today. “Today’s settlement with the FCC recognizes that. We will continue to give customers the information they need to decide what programs and services are right for them.”
Other Companies Will Now ‘Think Twice’
Today’s settlement is “an unqualified win for consumers, for online security, and for privacy advocates who have been calling for tracking only on an opt-in basis,” Nate Cardozo, staff attorney for the Electronic Frontier Foundation (EFF), a digital rights advocacy organization, told us. “Verizon’s use of the UIDH trucking header was, to our eyes, clearly illegal from the time we first found out about it in late 2014, and we told Verizon as much at the time.”
Cardozo said Verizon’s past characterizations of its UIDH use were “simply false,” and that its practices “allowed any number of dangerous online tracking practices, ones that Verizon couldn’t control, especially at the beginning of the program when Verizon didn’t even permit an opt-out.”
Last year, Verizon announced that it also planned to combine customer data from its mobile service ad programs with the advertising network of AOL, which it acquired for $ 4.4 billion in June.
“From the very start, EFF called for this program — and other similar tracking programs — to be instituted on a strictly opt-in basis,” Cardozo said. “Today’s order will mean that other companies contemplating similar involuntary tracking will think twice before proceeding without explicit consumer consent.”
