ComScore Settles Privacy Class Action Over Allegedly Surreptitious Tracking Software
Online analytics company ComScore has agreed to pay $14 million to settle claims that it violated federal electronic privacy laws by installing tracking software on web users’ computers without consent.
In April 2013, the Northern District of Illinois certified a class of thousands of individuals who downloaded the software via a third-party bundling in what is believed to be the largest privacy class certification yet. In June 2013, the Seventh Circuit declined to question the certification, which ultimately led to the recent settlement agreement.
According to the plaintiffs, ComScore’s tracking software, named “OSSProxy,” continuously captured information about users’ online activities, including web searches, websites visited, advertisement clicks, and online purchases, and even personal information such as social security numbers and financial account information. ComScore then used such information to create usage reports to sell to online service providers.
The complaint alleged that the software was secretly bundled with other more “innocuous” applications, such as screensavers, music programs, or games made by ComScore partners. However, the plaintiffs claim that they were unaware of such bundling, given that they did not have to go through a separate installation process for the tracking software and they were not otherwise notified via dialogue boxes that it would be installed. Once discovered on their computers, plaintiffs argued that the tracking software was very difficult or impossible to remove.
The plaintiffs argued that the surreptitious collection of their online activity without consent and subsequent sale of their information to third parties violated the Stored Communications Act, Electronic Communications Privacy Act, and the Computer Fraud and Abuse Act.
Whether or not the underlying claims in the ComScore lawsuit had merit, companies who bundle tracking software with other products downloaded by consumers should consider whether their existing disclosures regarding the collection and use activities of such software are sufficient in order to avoid similar lawsuits. In circumstances where tracking software is able to collect more sensitive data (e.g., information from online shopping carts, financial account information, etc.), companies should also consider providing “just-in-time” or other forms of notice at the time of download or installation.
Photo by g4ll4is from Flickr