Quantcast And Clearspring Settle Class-Action Suits Over Flash Cookie Tracking
Web measurement company Quantcast and widget maker Clearspring have agreed to pay $2.4 million to settle two class-action lawsuits alleging that they violated people's online privacy by using Flash cookies for tracking. As with the recent deal Google made to resolve litigation stemming from the launch of Buzz, most of the settlement will go toward privacy organizations. The lawyers who brought the lawsuits against Quantcast and Clearspring will split up to 25% of the total settlement amount in attorneys' fees.
The deal, which resolves complaints filed this summer against Clearspring and Quantcast -- as well as a host of publishers like ABC, MySpace, ESPN and Warner Brothers Records, and Demand Media -- awaits approval by U.S. District Court Judge George Wu in Los Angeles.
A decision about which privacy groups will receive the settlement funds will be made at least 45 days before a hearing about whether to grant the deal final approval, says Scott Kamber, one of the attorneys representing the plaintiffs.
The individuals who filed suit on behalf of all Web users affected by Flash cookies will receive $1,500 each, but no other Web users will see any money as a result of the settlement.
Clearspring said in a blog post that it never collected or stored "personally identifiable information" -- often defined as names or addresses -- and that it "has always respected the need for user privacy in the quickly changing world of the social web."
Quantcast said that it had changed its practices regarding Flash cookies more than one year ago.
Flash cookies are among a host of new tracking mechanisms to emerge in recent years. Because Flash cookies are not stored in the same location as HTTP cookies, users who direct their browsers to delete cookies don't shed Flash cookies. Users can, however, erase Flash cookies through other means, including at Adobe's online controls, but relatively few consumers are aware of such cookies.
The use of Flash cookies to track users who delete HTTP cookies appears to date to 2005, when ad technology company United Virtualities publicly said it could track Web users through a "pie," or persistent identification element," that would remain on people's computers even if they deleted their cookies.
But the technology remained off most privacy advocates' radar until last year, when researchers at the University of California, Berkeley and other schools published a report outlining how Web companies can recreate deleted HTTP cookies with Flash cookies, circumventing consumers' attempts to avoid tracking. After the report was published, some Federal Trade Commission officials said they were concerned about the use of Flash for tracking purposes.
Although tracking via Flash cookies is anonymous in that Web companies typically aren't collecting users' names, privacy advocates are nonetheless concerned because the technology can be deployed to collect data about people who thought they had opted out of online tracking.
A lawsuit against Specific Media for tracking people with Flash cookies remains pending in federal court in Los Angeles.