William B. Baker writes:
A series of recent class-action lawsuits has focused attention on two previously little-known practices by which Internet advertisers and websites can bypass the usual “cookie” folder on users’ computers and mobile devices. The practices are known as “Flash cookies” and “HTML5 cookies.” Given the current legal uncertainty regarding these practices, organizations may wish to ascertain whether their websites use such technology. More broadly, they may wish to take this opportunity to review their sites’ advertising technology in more detail than they may have done previously.
Read more on Wiley Rein, where Baker reviews and analyzes a number of class action lawsuits that have been filed.
What Baker does not discuss in this article is an alternative approach to addressing the problem: an FTC enforcement action. In my conversation with the FTC over the use of P3P compact policies that conflict with written policies and the use of flash or re-spawning cookies, an FTC spokesperson indicated that FTC does have authority under the FTC Act to investigate and enforce in situations where consumers’ choices are being subverted. To the extent that the presence of flash cookies is inconsistent with stated privacy policies or where compact policies allow more data sharing than written policies indicate are allowed, the FTC could investigate and take action. Some of us are clearly hoping that they do.