The deal, announced today by the New Jersey Attorney General, also requires PointRoll to refrain from overriding users' cookie-blocking settings -- including default settings -- and to implement a privacy program, among other terms. Other states joining the settlement are Connecticut, Florida, Illinois, Maryland and New York.
The settlement stems from revelations by Stanford graduate student Jonathan Mayer, who reported two years ago that PointRoll and three other companies -- Google, Vibrant Media and WPP's Media Innovation Group -- developed a workaround to Safari's privacy settings, which block third-party cookies by default. As a result, the companies were able to drop tracking cookies and serve ads to Web users based on their Internet activity.
Google, Vibrant Media and PointRoll confirmed Mayer's report when it came out in February of 2012. They said at the time that they had stopped tracking Safari users, or would soon do so. WPP has never confirmed the report. None of the companies were accused of linking cookie-based data to users' names or other personally identifiable information.
Google, but not the others, was hit with a Federal Trade Commission complaint as a result of Mayer's report. The FTC alleged that Google's circumvention by Safari users' settings violated a previous consent decree that required the company to honor its privacy promises. Google agreed to pay around $23 million to settle those charges.
A fifth company not named by Mayer, the online ad exchange PulsePoint, also allegedly bypassed Safari's settings. That company, formed by a 2011 of Datran Media and ContextWeb, agreed to pay $1 million to settle an investigation into the matter by the New Jersey Attorney General.
Meanwhile, consumers filed class-action lawsuits against the companies named by Mayer. Those lawsuits, unlike the actions by government officials, haven't yielded much in the way of results.
PointRoll agreed to settle that litigation by deleting any cookies it collected from Safari users, but the other three companies convinced a trial judge to dismiss the lawsuits.In a ruling issued last year, U.S. District Court Judge Sue Robinson in Wilmington, Del. said the consumers couldn't proceed because they didn't show they were harmed by the potential privacy violation. Robinson also ruled that even if the companies circumvented Safari's default settings, doing so didn't violate the federal wiretap law.
The consumers have appealed that ruling to the 3rd Circuit Court of Appeals. That court heard arguments in the matter today.