Skip to main content

After two weeks of talk about track, the trending topic is tracking, including the FTC’s $22.5 million settlement with Google for violating an earlier order.  Google told users of the Safari browser it wouldn’t place tracking cookies or serve them targeted ads, but the FTC charged that the company’s tracking practices went far afield of its claims.  Of course, the terms of that settlement apply just to Google, but there’s a lot savvy executives can take from the case and other recent FTC actions that touch on tracking.

It’s a decathlon, not a dash.  By now, most companies have (we hope) gotten the message that what they say in their privacy policies has to line up with their day-to-day operations.  But chances are you’re conveying claims not just in your privacy policy, but also where you talk about choice mechanisms, opt-outs, and other ways users can customize their experience.  The FTC’s complaint against Google cites — among other things — alleged misrepresentations on the company’s Advertising Cookie Opt-Out Plug-in page.  The message for businesses?  Like decathletes, prudent companies excel across the board.  They know where they make privacy promises, maintain an inventory of the cookies they use, and don’t launch new ones without thinking through the implications.

Members only.  No, not the sporty jackets from the 80s.  We’re talking here about what’s conveyed when companies highlight their affiliation with self-regulatory programs.  To join the Network Advertising Initiative (NAI), a voluntary self-regulatory group for the online ad industry, companies agree to disclose their data collection and use practices.  Although Google touted its NAI membership, the FTC says the company didn’t truthfully disclose what it was doing with Safari users’ data.  Therefore, the FTC charged that Google misrepresented the extent to which it honored NAI’s Code.  Membership in self-regulatory programs is your call, but once you advertise your adherence to an industry code, live up to its terms.

Ill-advised disguise.  Marathoners dream of entering the stadium first and running that last stretch in front of a cheering crowd.  But remember American Frank Shorter in the ‘72 Olympics?  He led the pack into the arena, but didn’t know someone had donned a uniform, hidden under the bleachers, and taken a victory lap before officials figured out the ruse.  Of course, the circumstances are different, but our point relates to the FTC’s allegation that Google used code to disguise its cookie to work around Safari’s opt-out default setting.  The take-away for careful companies is that sidestepping users’ preferences can lead to costly legal missteps.

Relay race.  Many recent FTC privacy cases suggest a disconnect between what companies say they’re doing and what’s actually happening behind the scenes.  How do businesses overcome that hurdle?  Coaches love to quote the Lombardi-esque chestnut, "There is no I in T-E-A-M."  But if you’re talking about your company’s data management team, there should be an I-T.  Your information technology staff needs to run a strong lead-off with smooth baton passes to your marketing execs and legal advisors.  But victory depends on a solid anchor leg from top management committed to crossing the finish line in front.

(We'll stop with the sports metaphors for now.)


It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

More from the Business Blog

Get Business Blog updates