The US Federal Communications Commission (FCC) has fined Verizon Communications $1.35m (£950,235) after a 15-month investigation into the company's use of mobile supercookies concluded the practice infringed on user privacy.
Supercookies, also referred to as unique identifier headers (UIDHs) or zombie-cookies, were being used by Verizon to record web browsing habits with the aim of serving up targeted advertisements to customers without permission or consent, the FCC ruled. In its detailed assessment, the FCC revealed that from 2012 to late 2014, Verizon Wireless failed to disclose its tracking practice which was in violation of the 2010 Open Internet Transparency Rule and Section 222 of the Communications Act.
Now, alongside the hefty fine, Verizon will be required to ask for customer permission before sharing any tracking information with third-party companies or advertisers. Furthermore, customers must now be given the option to opt-in and opt-out of sharing such information with the mobile carrier, the watchdog ruled.
"Consumers care about privacy and should have a say in how their personal information is used, especially when it comes to who knows what they're doing online," said FCC Enforcement Bureau Chief Travis LeBlanc in a statement following the settlement.
"Privacy and innovation are not incompatible," he continued. "This agreement shows that companies can offer meaningful transparency and consumer choice while at the same time continuing to innovate. We would like to acknowledge Verizon Wireless's cooperation during the course of this investigation and its willingness to make changes to its practices for the benefit of its customers."
Major changes under way
According to Rich Young, Verizon's regulatory spokesperson, the firm has already started to make the changes demanded by the FCC privacy probe. "Verizon gives customers choices about how we use their data, and we work hard to provide customers with clear, complete information to help them make decisions about our services," he said, as reported by The New York Times.
"Over the past year, we have made several changes to our advertising programs that have provided consumers with even more options. Today's settlement with the FCC recognises that. We will continue to give customers the information they need to decide what programs and services are right for them," he added.
The use of such tracking cookies was first uncovered in 2014 and led to a substantial backlash brought on by revelations that a Verizon advertising partner had misused the tracking feature to override customer privacy settings. In March last year, Verizon first gave users the ability to turn off the much-maligned tracking cookies.
The news of the latest FCC ruling has been lauded by Jacob Hoffman-Andrews, a senior staff technologist at the Electronic Freedom Foundation (EFF), who called it a "huge win" for internet privacy. "Internet Service Providers (ISPs) are trusted carriers of our communications. They should be supporting individuals' privacy rights, not undermining them," he said. "[The ruling] sets a new standard: ISP tracking is a great risk to individual privacy, and requires a correspondingly high standard of consent."
The settlement is the second internet enforcement action taken by the FCC. In June 2015, it proposed a $100m fine against AT&T for misleading customers about the data speed limits on its so-called 'unlimited' mobile data plans.