A recent Federal Trade Commission (FTC) settlement is a reminder that companies should make sure that they live up to their privacy policies and that their opt-out procedures work as promised.  If not, the FTC is likely to claim that the company violated Section 5 of the FTC Act by engaging in unfair and deceptive practices.

That is what happened to Turn Inc., a digital media company that provides targeted digital advertisements to consumers.  According to the FTC’s complaint, Turn advertised that it was the “largest independent company in the advertising technology sector” reaching over 1.3 billion unique users per month, with “rich profile data on more than 99 percent of North American consumers.” In a consent order announced on December 20, 2016, Turn Inc. agreed to settle FTC charges that it had deceived consumers by tracking them online and through their mobile applications, even after consumers had opted out of being tracked.  Turn thus violated two of the FTC’s key Privacy Principles: transparency and honoring consumer privacy choices.

The FTC complaint alleged that Turn’s privacy policy falsely represented that consumers could opt out of being tracked by instructing their browser to ‘‘stop accepting cookies.’’  Instead, the FTC alleged, Turn continued to track consumers even after they had opted out as instructed.  The FTC complaint also alleged that Turn’s privacy policy misrepresented that its opt-out mechanism would be effective in blocking targeted advertising on both mobile Web sites and in mobile apps.  That was false, according to the FTC Complaint, because in fact Turn’s opt-out mechanism worked only for mobile browsers and did not block ads in mobile applications.

The consent order prohibits Turn from misrepresenting a) its practices regarding data collection and usage, and b) the extent to which consumers can limit, control, or prevent Turn’s collection and usage of data about them or their devices.  The consent order also requires Turn to post a “clear and conspicuous” hyperlink on Turn’s homepage stating ‘‘Consumer Opt Out of Targeted Advertising.’’  The hyperlink must take consumers to a clear and conspicuous disclosure that explains what information Turn collects and uses for targeted advertising, and provides an effective opt-out mechanism that allows consumers to prevent Turn from collecting or using consumers’ information.  Turn must also post on its website a description of its targeted advertising technologies and methods it uses for targeted advertising.

The consent order was published for public comment in the December 27, 2016 Federal Register.  After the 30-day public comment period, the Commission will finalize the proposed consent order final.  This case illustrates the downside of posting privacy policies that do not reflect a company’s actual practices, and implementing opt-out procedures that do not work as described.  Those are basic principles, but with the New Year arriving, this is a good time to dust off those privacy policies and consumer options and make sure that all work as described, and give effect to the privacy choices made by consumers.