NJ Reaches Settlement With Online Advertising Company Accused Of Violating User Privacy


NEWARK – The New Jersey Division of Consumer Affairs has obtained a $1 million settlement with PulsePoint, an online advertising company that used hidden JavaScript code allegedly to bypass the privacy settings of consumers’ web browsers, without notifying the consumers or obtaining their consent, Acting Attorney General John J. Hoffman announced.

PulsePoint, based in New York City, allegedly placed unauthorized “cookies” – small packages of data – on Apple, Inc.’s Safari web browsers, even though the users’ privacy settings were set to specifically block cookies from third-party advertisers. The unauthorized cookies may have enabled third-party advertisers to target consumers with ads based on their online activities.

Acting Attorney General Hoffman noted that the unauthorized cookies enabled the company to place as many as 215 million targeted ads on web browsers used by New Jersey consumers, between June 2009 and February 2012.

“PulsePoint circumvented privacy settings designed to protect consumers,” Hoffman said. “This settlement puts online advertisers on notice that they must respect consumers’ privacy settings, or end up paying far more in penalties than any violations would generate in ad revenue.”

The $1 million settlement, announced today, resolves the Division’s investigation into PulsePoint’s conduct. The settlement amount includes a $566,200 civil penalty, and $33,800 reimbursement for the State’s attorneys’ fees and investigative costs. It also includes a $150,000 payment to be used at the Attorney General’s sole discretion for privacy protection programs – such as the purchase of high-tech investigative tools, and the ability to retain technologists and other experts to assist in investigations.

The remaining $250,000 will consist of in-kind advertising services that PulsePoint will provide to the Division of Consumer Affairs. The Division will use the ads to further its mission to protect the public from fraud, and for other public interest purposes.

The settlement agreement also requires PulsePoint to ensure that, going forward, it protects the privacy and confidentiality of consumer information it obtains, by implementing a series of privacy controls and procedures. Among other things, the company has agreed to hire an independent third party to provide regular privacy assessment reports to the Division of Consumer Affairs, for the next five years.

The settlement also requires PulsePoint to provide detailed information on its website about the types of information it collects about consumers, and how that information is used. The website also must include instructions on how consumers can manage any cookies PulsePoint may place on their computers; and how consumers can restrict, limit, opt out of, or otherwise control the information PulsePoint may collect about them.

Finally, the agreement requires PulsePoint to maintain systems that will instruct Safari web browsers to expire any cookies placed by PulsePoint prior to the settlement’s effective date.

“This action is part of the Division of Consumer Affairs’ commitment to protect the privacy of consumers in an increasingly complex and sophisticated digital world,” Eric T. Kanefsky, Director of the Division of Consumer Affairs, said. “Online advertising is a multibillion-dollar business that is always seeking new and innovative ways to target consumers with ads that will entice them to visit retailers’ sites and make purchases. We are here to remind advertisers and web developers that all advertising activities must respect the rights of consumers, and respect the law.”

PulsePoint was formed in September 2011, through the merger of two companies known as ContextWeb, Inc. and Datran Media Corp. PulsePoint operates an advertising exchange in which it enters into agreements with web publishers to sell advertising space on their websites. It also contracts with advertisers to place their ads on the publishers’ websites.

ContextWeb and, later, PulsePoint, allegedly circumvented the privacy settings of Safari web browsers as early as June 2009. The companies used JavaScript code that made it appear to Safari that the users clicked on ads when they had not actually done so. As a result, the browser treated the ads as if they were websites the user visited – and accepted cookies from those ads. Meanwhile, ContextWeb and PulsePoint failed to disclose this practice to consumers.

In the settlement announced today, PulsePoint acknowledged that it engaged in this practice until February 2012, and stopped only after independent researchers verified, as published in a Wall Street Journal exposé, that other companies engaged in similar practices. The company represents in the State settlement that its current directors and officers were unaware of the practice until that time. PulsePoint entered into the settlement agreement without any admission that its practices violated New Jersey’s Consumer Fraud Act.

Hoffman noted that the $1 million settlement with PulsePoint reflects the company’s practices as they affected New Jersey consumers. He also noted that the settlement will be used, in part, to enhance the state’s ability to investigate and prosecute online violations of privacy.
