Responding to the news outbreak and to the fact that two of its high profile customers, Hulu and Spotify, suspended its services, KISSmetrics overhauled its tracking methods over the weekend and is now permitting users to block its surveillance. However, it seems to be too little and too late. The company and 20 of its clients now face a class action lawsuit which has been filed against them.
In the complaint, plaintiffs claim that the Privacy Act and Electronics Communications Privacy Act has been breached and that their personal property has been trespassed on. They also allege that the analytics company has violated the Unfair Competiton Law.
Anyone who has visited one of the defendants’ sites is able to join the class action, and actual damages of up to $10,000 per member of the class are sought. If punitive damages are also awarded the lawsuit could be worth hundreds of millions of dollars.
The lawsuit is based on the fact that KISSmetrics forcibly extracted private data from the plaintiffs, without their consent. It is alleged that HTML5 Local Storage, ETags, Flash LSOs and other methods were used in a surreptitious manner to gather sensitive data.
The complainants claim that the storage methods were deliberately used to hide tracking cookies from the user. In addition, even after the user manually opted out of cookies – ETags still persisted.
To put it in simple words, KISSmetrics and its clients are being sued for taking data even when the plaintiffs had explicitly stated that they did not want to be tracked. This is a serious breach of the privacy laws and is backed by a preceding case – in December 2010, Quantcast settled a similar class action lawsuit for $ 2.4 million.
The Federal Trade Commission and numerous other governmental bodies have stressed and ruled on the importance of online privacy in the past few months and it is puzzling as to why KISSmetrics indulged in such activities in such a background.
Commenting on KISSmetrics reversal act on the cookies, Ashok Soltani, one of the leading researchers on the Berkley Study said that it amounted to nothing more than ‘ privacy whitewashing.’ “They are trying to figure out a way to weather the storm,” he said.
Soltani added that the research covered only the top 100 websites and they were likely more examples of invasive tracking, particularly in the seedier portions of the internet – the porn sites. He opined that clearer policies were required to specify what tracking is legitimate so as to prevent such occurrences.
The incident might also play into a growing concern in D.C. over online tracking.
The solution for those who wish to opt out of online tracking is for web browsers to provide better ways of interrogating and managing the data stored by Flash and HTML5. ETags, are a different breed altogether, but they can be blocked with Firefox at present and hopefully with the future versions of Chrome and Internet Explorer.