online privacy, consumer privacy,

Lightspring / Shutterstock.com

The FTC has put forward a draft order requiring Epic Marketplace, Inc., to destroy all of the consumer data it obtained through history-sniffing cookies and barring the company from future use of the technology.

The case illustrates how sophisticated digital behavior-monitoring technology has become and how limited the government’s ability to curtail the practice remains.

Despite a privacy policy that claimed that it collected information only about consumers’ visits to sites in its network, Epic was allegedly using history-sniffing technology that allowed it to collect data on their visits to sites and advertisements on more than 50,000 Web domains. Anytime a consumer visited one of the 45,000 sites that host Epic advertisements, s/he received a cookie that stored information about their online movements on those domains, which included pages relating to fertility issues, impotence, incontinence, disability insurance, credit repair, debt relief and personal bankruptcy.

The information gathered allowed Epic to serve consumers targeted advertisements.   

The FTC was able to act only because Epic misrepresented its actions in its privacy policy. The consent agreement requiring Epic to destroy the data it has collected and abandon the practice, if it becomes final after a 30-day public comment period, carries the force of law but applies only to the company in question. A single violation of the order would carry a civil penalty of up to $16,000.