Analytics company Dataium has agreed to pay $400,000 to New Jersey in order to settle allegations that the company violated a consumer protection law by using “history sniffing” techniques to track Web users, the state Attorney General's office announced this week.
Dataium also agreed to create a comprehensive privacy program and destroy the data it collected in order to settle the charges. All but $99,000 of the payment will be suspended if the company complies with the settlement's terms for the next five years, state officials said.
The Nashville-based Dataium did not admit wrongdoing as part of the deal. The company added in a statement that it “complied with state and federal laws, but settled to avoid the cost of litigation.”
Dataium, which provides analytics to the automobile industry, allegedly exploited a feature in users' browsers that turns links different colors after they have been visited. The company allegedly scanned people's browsers to figure out which sites they had visited, based on the color of the links in the browser history. Doing so enables companies to determine which sites people have visited, even if they attempt to prevent tracking by deleting cookies.
The New Jersey Attorney General alleged that Dataium tested its history-sniffing technology on six occasions between 2010 and 2012. In a test conducted in November of 2012, the company allegedly tracked more than 180,000 visits to car dealerships' sites, as well as search engines and news articles.
State authorities say in the settlement agreement that the company collected a browsing history from individual users. But Dataium maintains that any information it gathered was aggregated and “never monetized, associated with individual names, or used for online behavioral targeting,” according to the settlement agreement.
The company also said it had already destroyed data from tests it conducted prior to last November and will soon destroy the information it gathered from that last test as well.
Dataium allegedly sold information about 400,000 people to the analytics company Acxiom for $2,500, according to the New Jersey authorities. Among the data allegedly sold was people's names, phone numbers, email addresses, number of vehicles viewed and vehicle preferences, according to New Jersey officials. Dataium says that it didn't have all of that data for 400,000 people, according to the settlement agreement.
Acxiom says in a statement emailed to Online Media Daily that it explored acquiring data from Dataium and “received a test file to internally evaluate some of Dataium's data.” But the company says that it decided not to move forward after examining Dataium's privacy policies.
History-sniffing came to light three years ago, when researchers at the University of California, San Diego released a paper outlining how 46 sites engage in the technique by exploiting a vulnerability in browsers to learn what other sites users previously visited.
Dataium isn't the only company to be targeted for allegedly using the technique. Last year, Epic Media Group agreed to destroy all data it collected via history-sniffing technology in order to settle Federal Trade Commission charges. (Epic no longer operates, but the settlement agreement provides that any successor company will refrain from using history-sniffing techniques.)