ComScore Settles Privacy Class Action Over Allegedly Surreptitious Tracking Software

Published On June 6, 2014 | By Melissa Maalouf | Electronic Communications Privacy Act (ECPA), General

Online analytics company ComScore has agreed to pay $14 million to settle claims that it violated federal electronic privacy laws by installing tracking software on web users’ computers without consent.

In April 2013, the Northern District of Illinois certified a class of thousands of individuals who downloaded the software via a third-party bundling in what is believed to be the largest privacy class certification yet.  In June 2013, the Seventh Circuit declined to question the certification, which ultimately led to the recent settlement agreement.

According to the plaintiffs, ComScore’s tracking software, named “OSSProxy,” continuously captured information about users’ online activities, including web searches, websites visited, advertisement clicks, and online purchases, and even personal information such as social security numbers and financial account information.  ComScore then used such information to create usage reports to sell to online service providers.

The complaint alleged that the software was secretly bundled with other more “innocuous” applications, such as screensavers, music programs, or games made by ComScore partners. However, the plaintiffs claim that they were unaware of such bundling, given that they did not have to go through a separate installation process for the tracking software and they were not otherwise notified via dialogue boxes that it would be installed.  Once discovered on their computers, plaintiffs argued that the tracking software was very difficult or impossible to remove.

The plaintiffs argued that the surreptitious collection of their online activity without consent and subsequent sale of their information to third parties violated the Stored Communications Act, Electronic Communications Privacy Act, and the Computer Fraud and Abuse Act.

On Friday May 30, ComScore agreed to the $14 million settlement, which will result in an estimated $200 payment to affected class members.  This is in contrast to many other privacy class action settlements that have resulted in smaller payments to class members or awards to nonprofit groups.  Under the agreement, ComScore is also agreeing to revise its privacy policy and end user license agreement to more clearly reflect the software’s tracking activities.

Whether or not the underlying claims in the ComScore lawsuit had merit, companies who bundle tracking software with other products downloaded by consumers should consider whether their existing disclosures regarding the collection and use activities of such software are sufficient in order to avoid similar lawsuits.  In circumstances where tracking software is able to collect more sensitive data (e.g., information from online shopping carts, financial account information, etc.), companies should also consider providing “just-in-time” or other forms of notice at the time of download or installation.

Photo by g4ll4is from Flickr

About The Author

Melissa Maalouf’s practice focuses on advising a broad range of clients, from start-ups to established companies, on both U.S. and international data privacy and security issues. Melissa assists clients in drafting appropriate website disclosures, implementing legally-compliant e-commerce flows, responding to FTC Section 5 and state AG enforcement actions, analyzing advertising claims, and children’s online privacy and safety issues. She also regularly helps clients obtain certification under the EU-US Safe Harbor and navigate compliance with divergent international privacy laws.

Comments