Verizon Wireless Settles FCC Supercookie Investigation for $1.35 Million | Practical Law

Verizon Wireless Settles FCC Supercookie Investigation for $1.35 Million | Practical Law

The FCC and Verizon Wireless have entered into a consent decree to resolve an investigation into whether the company's use of supercookies to track customers' online activities violated the FCC's Open Internet Transparency Rule and Section 222 of the Communications Act of 1934.

Verizon Wireless Settles FCC Supercookie Investigation for $1.35 Million

Practical Law Legal Update w-001-5026 (Approx. 4 pages)

Verizon Wireless Settles FCC Supercookie Investigation for $1.35 Million

by Practical Law Intellectual Property & Technology
Published on 08 Mar 2016USA (National/Federal)
The FCC and Verizon Wireless have entered into a consent decree to resolve an investigation into whether the company's use of supercookies to track customers' online activities violated the FCC's Open Internet Transparency Rule and Section 222 of the Communications Act of 1934.
On March 7, 2016, the FCC announced that it has entered into a consent decree with Verizon Wireless to resolve an investigation into the company's use of unique identifier headers (UIDH), also known as supercookies. Verizon Wireless uses supercookies to track online activities and deliver targeted advertising to customers.
In December 2014, the FCC's Enforcement Bureau launched an investigation to determine whether Verizon Wireless failed to:
  • Protect customer proprietary network information.
  • Accurately disclose its insertion of UIDH into customers' internet traffic over its wireless network.
Since December 2012, Verizon Wireless has inserted supercookies into its customers' internet traffic. Verizon Wireless inserted the supercookies into its customers' web traffic to create profiles and deliver targeted ads from Verizon Wireless and third parties. The company did not disclose its use of UIDH until October 2014 and did not update its privacy policy to address UIDH until March 2015. During the investigation, Verizon Wireless also admitted that at least one advertising partner circumvented customers' privacy choices by using supercookies to restore cookie IDs that users had cleared from their browsers by associating them with UIDH.
According to the FCC, Verizon Wireless's use of supercookies violated:
  • Section 222 of the Communications Act of 1934 (47 U.S.C. § 222), which:
    • imposes a duty on carriers to protect customer proprietary network information;
    • requires carriers to use such information only for authorized purposes; and
    • expressly prohibits carriers that obtain customer proprietary network information from other carriers for the provision of telecommunications services to use such information for any other purpose.
  • The FCC's Open Internet Transparency Rule (47 C.F.R. § 8.3), which requires internet access providers to publicly disclose accurate information regarding network management practices, performance, and commercial terms of their broadband internet access services so consumers may make informed choices.
Following the settlement, Verizon Wireless must:
  • Pay a $1,350,000 fine.
  • Adopt a three-year compliance plan.
  • Notify consumers about its targeted advertising programs.
  • Obtain customers' opt-in consent before sharing UIDH with third parties.
  • Obtain customers' opt-in or opt-out consent before sharing UIDH internally within Verizon Communications Inc. and its subsidiaries.
The settlement serves as a reminder that companies must consider potential privacy impacts when implementing new and innovative technologies.