EPIC - Privacy? Proposed Google/DoubleClick Merger

Privacy? Proposed Google/DoubleClick Deal

On April 20, 2007, EPIC, CDD, and US PIRG filed a complaint (pdf) with the Federal Trade Commission, requesting that the Commission open an investigation into the proposed acquisition, specifically with regard to the ability of Google to record, analyze, track, and profile the activities of Internet users with data that is both personally identifiable and data that is not personally identifiable. EPIC further urged the FTC to require Google to publicly present a plan to comply with well-established government and industry privacy standards such as the OECD Privacy Guidelines. Pending the resolution of these and other issues, EPIC encouraged the FTC to halt the acquisition. The three groups filed a supplement (pdf) to the complaint with the Commission in June.

The FTC has made a "second request" in its review of Google's merger with DoubleClick (the world’s largest Internet advertising technology firm). According to FTC Chair Majoras's statement (pdf) on the merger review process, "the majority of investigations in which the FTC issued a second request resulted in a merger challenge, consent order, or modification to the transaction, suggesting that the FTC generally issues second requests only when there is a strong possibility that some aspect of the investigation would violate the antitrust laws."

At a hearing on "An Examination of the Google-DoubleClick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy?" on September 27, 2007, Sen. Herb Kohl said (pdf), "Some commentators believe that antitrust policymakers should not be concerned with these fundamental issues of privacy, and merely be content to limit their review to traditional questions of effects on advertising rates. We disagree. The antitrust laws were written more than a century ago out of a concern with the effects of undue concentrations of economic power for our society as a whole, and not just merely their effects on consumers’ pocketbooks. No one concerned with antitrust policy should stand idly by if industry consolidation jeopardizes the vital privacy interests of our ciitzens so essential to our democracy."

On December 21, 2007, the FTC approved the proposed merger without conditions in a 4-1 opinion (pdf). EPIC responded (pdf), saying that the unique circumstances of the online advertising industry required the FTC to impose privacy safeguards as a condition of the Google- Doubleclick merger. EPIC said that the FTC "had reason to act and authority to act, and failed to do so."

At a hearing before the European Parliament on January 21, 2008, EPIC President Marc Rotenberg testified (pdf) that the European Commission must establish privacy safeguards because the US Federal Trade Commission failed to do so (pdf) during the US merger review. Mr. Rotenberg also said that Google was beginning to reveal the characteristics of an "information monopolist" and that it was important for governments to act to preserve the rights of citizens and to safeguard competition and innovation in the information economy. .

Top News

Privacy Groups - "Google.com Should Link to a Privacy Policy". EPIC and a coalition of a dozen organizations, many based in California, have urged Google to include a link from its homepage to its privacy policy. In a letter to Google CEO Eric Schmidt, the groups say that the Internet giant is required by California privacy law to post the link. They also point out that posting it is the"widespread practice of commmercial web sites." Press release. (June 3).
EPIC Urges Senate Committee to Press FTC on Consumer Privacy and FOIA Obligations, Proposes Budget Cut for Agency. Today, EPIC asked the Senate Commerce Committee to press the Federal Trade Commission on the Commission's failure to adequately protect consumer privacy and failure to operate transparently. EPIC highlighted the Commission's failure to require privacy safeguards as a condition of the recent Google-Doubleclick merger. EPIC also detailed the FTC's handling of FTC Chairman Deborah Platt Majoras’ apparent conflict of interest in the merger review, and noted that the FTC has failed to disclose records relating to Jones Day's involvement in the merger review. The Senate Commerce Committee will hold hearings regarding the Commission's reauthorization on April 8, 2008. EPIC urged the Committee to cut the Commission's budget by 5% based on the Commission's lack of commitment to consumer privacy and open government. (Apr.7)
EPIC Sues Trade Commission to Compel Disclosure of Documents Concerning Jones Day's Role in US Doubleclick Merger Review. Today, EPIC filed a Freedom of Information Act lawsuit (pdf) challenging the Federal Trade Commission's failure to make public documents relating to the role of the Jones Day law firm in the Google-Doubleclick merger review. The lawsuit follows EPIC's original request (pdf) and subsequent administrative appeal (pdf). During the FTC merger review, Jones Day publicly stated that it represented Doubleclick (pdf). After EPIC learned that Chairman Majoras’ spouse is a Jones Day partner, EPIC moved for the recusal of the FTC Chairman, and emphasized that recusal had occurred in other similar matters involving conflicts of interest with the Jones Day firm. However, Chairman Majoras participated in the Google-Doubleclick review and voted to approve the merger without conditions, despite privacy groups' warnings that the merger would threaten consumer privacy. (Mar. 14)
European Commission Approves Google-Doubleclick Merger, But European Privacy Laws Will Apply. The European Commission today approved the proposed Google-Doubleclick merger under its competition authority. Though the Commission did not consider privacy in the merger review, it did reaffirm the obligation of Google-Doubleclick to comply with European privacy laws. "The Commission's decision to clear the proposed merger is based exclusively on its appraisal under the EU Merger Regulation. It is without prejudice to the merged entity's obligations under EU legislation in relation to the protection of individuals and the protection of privacy with regard to the processing of personal data and the Member States' implementing legislation." Last year, EPIC filed a complaint (pdf) with the US Federal Trade Commission, urging the FTC to open an investigation into the proposed acquisition, specifically with regard to the ability of Google to record, analyze, track, and profile the activities of Internet users. In January testimony (pdf) before the European Parliament, EPIC urged the European Commission to establish privacy safeguards as a condition of the merger. (Mar. 11)
EPIC Challenges Trade Commission's Failure to Produce Documents Concerning Jones Day's Role in US Doubleclick Merger Review. In a Freedom of Information Act appeal(pdf), EPIC challenged the Federal Trade Commission's failure to make public documents relating to the role of the Jones Day law firm in the Google-Doubleclick merger review. The appeal follows EPIC's original request. During the FTC review, Jones Day publicly stated that it represented Doubleclick but later denied representing Doubleclick, after EPIC learned that Chairman Majoras’ husband, John M. Majoras, is a Jones Day partner. EPIC moved for the recusal of the Chairman, and noted that recusal had occurred in other matters involving apparent conflicts of interest with the Jones Day firm. However, Chairman Majoras participated in the review and voted to approve the merger without conditions, despite privacy groups' warnings that the merger would threaten consumer privacy. (Feb. 13)
EPIC Urges European Parliament to Act on Google-Doubleclick Merger. In testimony (pdf) before the European Parliament in Brussels, EPIC President Marc Rotenberg said that the European Commission must establish privacy safeguards because the US Federal Trade Commission failed to do so (pdf) during the US merger review. Mr. Rotenberg also said that Google was beginning to reveal the characteristics of an "information monopolist" and that it was important for governments to act to preserve the rights of citizens and to safeguard competition and innovation in the information economy. (January 21)
EPIC - "Federal Trade Commission failed to address the privacy implications of the Google-Doubleclick Merger." In a detailed statement (pdf) issued today, EPIC said that the unique circumstances of the online advertising industry required the FTC to impose privacy safeguards as a condition of the Google-Doubleclick merger. EPIC said that the FTC "had reason to act and authority to act, and failed to do so." EPIC pointed out that the Commission ignored similar assessments form leaders in Congress and consumer protection agencies. EPIC said it would vigorously pursue Freedom of Information Act requests regarding the role of the Jones Day law firm in the merger review. EPIC pointed out that the FTCs decision "does not end the discussion about competition and privacy protection in the context of merger review. Consumers around the world will be impacted by the business practices of the combined entity, and the consequences will have to be addressed." Attention turns next to a hearing before the European Parliament on January 21. EPIC has been invited to testify. (December 20)
Commission Allows Google-Doubleclick Merger Without Conditions. In a 4-1 opinion (pdf), the Federal Trade Commission has approved the $3.1b Google-Doubleclick deal, saying that the proposed acquisition is "Unlikely to lessen competition." Commissioner Harbour dissented from the decision, stating that "If the Commission closes its investigation at this time, without imposing any conditions on the merger, neither the competition nor the privacy interests of consumers will have been adequately addressed." Commissioner Leibowitz, in a concurring opinion, warned that "industry participants must stop being coy and start being more forthcoming about their practices, the consumer information they collect, and how they use it" and recommended the adoption of opt-in for online services. The unconditional approval comes as a surprise following the earlier "Second Request" by the Commission which has historically indicated an intent to block a merger or impose conditions as a requirement for merger approval. EPIC and CDD have raised far-reaching objections to the merger. EPIC Statement. (December 20)
FTC Chair Dismisses Recusal Petition in Jones Day-Doubleclick Conflict of Interest Case, EPIC Files Expedited Open Government Request. FTC Chairman Deborah Majoras has refused to step down in the Commission's review of the Google-Doubleclick merger even though it was revealed this week that her husband's law firm is representing Doubleclick. EPIC and the Center for Digital Democracy have issued a statement. EPIC has also submitted a detailed Freedom of Information Act request seeking the expedited release of all documents concerning the participation of Jones Day in the Commission's review of Doubleclick as well as other matters involving consumer privacy. (December 15)
EPIC, CDD Raise New Questions About FTC Chair's Possible Conflict of Interest. Today EPIC and the Center for Digital Democracy provided new information to the Federal Trade Commission concerning Jones Day's representation of Doubleclick in the pending merger review. The new filing makes clear that statements denying Jones Day participation in the matter are flatly contradicted by an earlier posting on the firm's web site. The EPIC/CDD filing also notes that the firm has subsequently removed the relevant web pages from its web site. The groups are filing a Freedom of Information Act request for all documents at the Commission regarding the matter and notifying Congressional oversight committees. (December 13)
Recusal of FTC Chairman Sought in Google-Doubleclick Case. In a motion (pdf) filed today with the Secretary of the Federal Trade Commission, EPIC and the Center for Digital Democracy seek the disqualification of FTC Chairman Deborah Platt Majoras from the pending review of the proposed Google-Doubleclick merger. The organizations recently learned that the husband of the FTC Chairman has taken on Doubleclick as a client for his Washington, D.C. law firm. See EPIC's page on Privacy? Proposed Google-DoubleClick Merger. (December 12)
Leading Congressman Pushes for Google Privacy Review. Rep. Joe Barton, Ranking Member of the House Energy and Commerce Committee, today sent a letter to Google raising 24 questions about the company's proposed $3.1 billion merger with Doubleclick. Rep. Barton, co-founder of the House Privacy Caucus, asked Google to detail definitions of “anonymization” of consumer data, “behavioral targeting,” among other things. He also asked Google to explain “the need to retain collected information for the length of time [Google retains consumer data]” and “how and why information is combined or shared across platforms.” A number of Senators (pdf) and Representatives (pdf) have called for more in-depth review of the privacy questions raised by the proposed merger. The deal is under investigation at both the U.S. Federal Trade Commission and European Commission Directorate on Competition. See EPIC's page on Privacy? Proposed Google-DoubleClick Merger. (December 12)
Leading Senators Urge Comprehensive Privacy Review of Proposed Google-Doubleclick Deal. In a letter (pdf) to the Federal Trade Commission, Senators Herb Kohl and Orrin Hatch, Chairman and Ranking Member of the Senate Judiciary Committee's Subcommittee on Antitrust, Competition Policy and Consumer Rights, urged the FTC to critically analyze the privacy and competition effects of Google's $3.1 billion proposed merger with Internet advertising company DoubleClick. "[T]his deal raises fundamental consumer privacy concerns worthy of serious scrutiny," the senators wrote. In complaints (pdf) to the FTC, EPIC, the Center for Digital Democracy and US PIRG have detailed the reasons why the FTC needs to establish substantial privacy safeguards as a condition of the merger. The European Commission Directorate on Competition has announced a four-month in-depth investigation into the proposed merger. See EPIC's page on Privacy? Proposed Google/DoubleClick Deal. (November 20)
European Commission Opens In-Depth Investigation of Proposed Google-DoubleClick Merger. The European Commission Directorate on Competition has announced a four-month in-depth investigation into Google's $3.1 billion proposed merger with Internet advertising company DoubleClick. The Directorate has completed a preliminary investigation, which could have ended in either approval or this higher scrutiny of the merger. The proposed merger is also under review by the U.S. Federal Trade Commission following complaints (pdf) filed by EPIC, the Center for Digital Democracy and US PIRG. Also, a dozen Republican members of the U.S. House recently requested (pdf) a hearing into the privacy aspects of the merger. (November 13)
Republicans Seek Privacy Hearing on Google-DoubleClick Merger. A dozen Republican members of the House Subcommittee on Commerce, Trade and Consumer Protection have requested a hearing into the privacy aspects of the proposed Google-DoubleClick merger. In a letter(pdf), the members stated that the privacy implications of the merger "are enormous" and a hearing is needed to understand how consumers' information is used and what can be done to better protect consumer privacy. In complaints (pdf) to the FTC, EPIC, the Center for Digital Democracy and US PIRG have detailed the reasons why the FTC needs to establish substantial privacy safeguards as a condition of the merger. EPIC previously testified (pdf) about the proposed merger before the Senate Judiciary Committee. (November 7)
Google-Doubleclick Deal Looms Over Commission Workshop in DC. The Federal Trade Commission begins a two-day workshop today on Behavioral Targeting. EPIC has urged the Commission to establishe meaningful privacy safeguards for consumers and impose conditions on the merger of the two Internet advertising giants, Google andDoubleclick. The Center for Digital Democracy and US PIRG have also recommend that the FTC protect consumers from harmful interactive marketing practices. (November 1)
EPIC Urges Congress to Monitor Google-Doubleclick Review. In a letter (pdf) to the Congressional Committee that funds the Federal Trade Commission, EPIC urged oversight of the Commission's review of the pending Google-Doubleclick merger. In complaints (pdf) to the FTC, EPIC, the Center for Digital Democracy and US PIRG have detailed the reasons why the FTC needs to establish substantial privacy safeguards as a condition of the merger. If the FTC fails to do so, "we believe there should be a comprehensive investigation of the factors that led to the FTC's decision." (October 26)
Congressman Calls on FTC to Critically Analyze Proposed Google-DoubleClick Merger. Today Representative Ed Towns, member of the U.S. House Committee on Energy and Commerce, wrote (pdf) to FTC Chairman Deborah Platt Majoras asking the Commission "to analyze the unique consumer protection issues raised by Google's proposed acquisition of DoubleClick." He urged the Commission to ask questions, including, "Could Google become so powerful that it no longer would be subject to market pressure to compete with respect to the quality of its privacy practices?" Rep. Towns said, "Section 5 of the FTC Act gives the Commission broad authority to address potential consumer harms, and I trust the Commission will use this authority to ensure that consumers' privacy interests are protected in connection with Google's proposed acquisition of DoubleClick." (October 26)
European Inquiry of Proposed Google-DoubleClick Merger Extended. The European Commission has extended its investigation into Google's $3.1 billion proposed merger with internet advertising company DoubleClick. The deadline has been moved from October 26 to November 13. At that time, the Commission will either approve the deal or decide to open a more in-depth regulatory review that can take up to four months. The proposed merger is also under review by the U.S. Federal Trade Commission. (October 22)
Google Commands More than Half of All Searches Worldwide. Google was used for more than half of the world's 61 billion Internet searches in August, according to a report from comScore. In August, more than 750 million people 15 years old or older (about 95 percent of the global Internet audience) performed searches. Google and Google-owned YouTube accounted for 37.1 billion of the 61 billion searches. Yahoo was a distant second with 8.5 billion searches; Beijing-based Baidu.com was third with more than 3.2 billion searches; Microsoft was fourth with 2.1 billion searches, and Korea's Naver.com was fifth with 2 billion searches worldwide. (October 11)
German Data Protection Commissioner Protests Proposed Google-DoubleClick Merger. In a letter to the European Commissioner for Competition, the Data Protection Commissioner of the German federal state of Schleswig-Holstein urged the rejection of the proposed Google-DoubleClick merger. "At present we have to assume that in the event of a takeover of DoubleClick the databases of that company will be integrated into those of Google, with the result that fundamental provisions of the European Data Protection Directive will be violated," said Thilo Weichert. The European Commission Directorate on Competition is currently investigating the proposed merger. (October 1)
EPIC to Senate: FTC Must Impose Privacy Standards Before Approving Google-Doubleclick Merger. In testimony (pdf) before the Senate Judiciary Committee on the pending Google-Doubleclick merger, EPIC Executive Director Marc Rotenberg said that the Federal Trade Commission should establish privacy safeguards as a condition of the merger. EPIC filed a complaint before the Commission (pdf) in April regarding the merger, similar to other complaints filed by EPIC in the Doubleclick-Abacus merger (pdf), the Microsoft Passport matter (pdf), and Choicepoint. Since the filing of the EPIC complaint, competition authorities around the world have opened investigations. (September 27)
EPIC Sets Out Case Against Google-DoubleClick Merger. In a letter to the editor of the Financial Times, EPIC Executive Director Marc Rotenberg eplained the basis for EPIC's opposition to the Google-Doubleclick merger, and noted EPIC's similar successful complaints against Microsoft Passport and databroker Choicepoint. The U.S. Senate will hold a hearing this week on the proposed merger. (September 24)
U.S. Senate to Hold Hearing on Google-DoubleClick Merger. The United States Senate Judiciary Committee will hold a hearing entitled "An Examination of the Google- Doubleclick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy" on Thursday, September 27. Dave Drummond of Google, Brad Smith of Microsoft, Scott Cleland of Precursor, Tom Lenard of the Progress & Freedom Foundation, and Marc Rotenberg of EPIC are expected to testify. (September 19)
EPIC, CDD, US PIRG File Additional Papers with FTC in Google-DoubleClick Merger. At the National Press Club today, EPIC, the Center for Digital Democracy, and US PIRG announced a second supplement (pdf) to the groups' original complaint (pdf) and subsequent supplement (pdf) with the Federal Trade Commission (FTC) concerning the proposed Google-DoubleClick merger. The amended complaint details new facts supporting the conclusion that the FTC should block Google's proposed acquisition of DoubleClick. Also today, the Canadian Internet Policy and Public Interest Clinic filed a formal complaint (pdf) with the Privacy Commissioner of Canada urging an investigation into the proposed merger. (September 17)
Google, Under Investigation for Violating Global Privacy Standards, Calls for New Global Privacy Standards. As Google faces opposition to the proposed acquisition of Doubleclick, Google's privacy counsel called for less restrictive global privacy standards. The company's current privacy practices are under investigation in many countries around the world, including the United States, Canada, Australia, and most of Europe. More information about international privacy standards is available in EPIC's Privacy Law Sourcebook. (September 14)
Australian Competition and Consumer Commission Investigates Google-DoubleClick Merger: On August 27, the Australian Competition and Consumer Commission began a review of the proposed Google-DoubleClick merger. The ACCC sent a letter to online publishers, digital agencies and other Internet service groups asking for opinions on the effect the proposed merger would have in the Australian market. The ACCC detailed (pdf) 10 questions, including whether the deal would give Google-DoubleClick the "incentive and/or ability to foreclose: a. rival search engines; and/or b. other providers of advertising services to online advertisers and publishers." The proposed merger is also under review by the U.S. Federal Trade Commission and the European Commission Directorate on Competition. (August 30)
Google Sells Ads on YouTube Videos: Google has announced that it has begun selling overlay ads to select videos running on YouTube, which Google bought less than 10 months beforehand. According to the Wall Street Journal, "YouTube's new format is a semitransparent ad that appears on the bottom 20% of the video. The ad shows up after a video plays for 15 seconds, and disappears up to 10 seconds later if the viewer doesn't click on it. Viewers can either click to close the ad right away or to watch the commercial." YouTube is the most popular online video site (pdf), and Google is now its exclusive server of display rich media advertising. Google and DoubleClick now both serve display ads. (August 21)
Internet Expected to Become No. 1 Ad Medium by 2011: A new report from equity firm Veronis Suhler Stevenson predicts that Internet advertising will overtake television, radio and newspapers to become the No. 1 advertising medium in four years. VSS predicts that online advertising will grow by more than 21 percent per year to reach $62 billion in 2011. (August 10)
Canadian Policy Group Urges Investigation into Proposed Google-DoubleClick Merger: In a complaint (pdf) filed today, the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa requested (pdf) that the Canadian Commissioner of Competition investigate the proposed Google/DoubleClick merger "on the grounds that it is likely to prevent or lessen competition substantially in the targeted online advertising industry." CIPPIC Director Philippa Lawson said, "Through the merger, Google-DoubleClick will gain unprecedented market power, with which they can manipulate online advertising prices. Advertisers and web publishers will have no real choice but to choose Google's advertisement platforms in order to remain visible in the e-commerce market." CIPPIC cited the FTC complaint (pdf) and supplement (pdf) from EPIC, CDD and US PIRG, as well as the ongoing European investigations into the merger. (August 2)
White Paper: Googleopoly: The Google-DoubleClick Anti-Competitive Case: Scott Cleland, President of Precursor LLC (a telecom consulting firm), today released a white paper on the proposed Google/DoubleClick merger. In it, he explains how a merger between Google and DoubleClick would facilitate a de facto information access monopoly and substantially lessen competition. "With [about] 60% share of each of their respective technology platforms, search and display, technologies which are mutually-reinforcing, the combination would enable a horizontal merger to monopoly, which would harm users, advertisers and content providers with higher prices and less choice." (July 17)
Google Cookies Will Delete After Two Years If Consumer Doesn't Return to Company's Sites: Google has announced that its cookies (files that allow a Web site to record your comings and goings, usually without your knowledge or consent) will automatically delete after two years if a user doesn't return to a Google site. If a user does return within the two-year period, the cookie will "re-set" for another two years, and the "re-setting" could continue indefinitely, well past the year 2039, when the current Google cookie is set to expire. Google's data retention practices are facing scrutiny (pdf) in Europe, and the FTC is reviewing its merger with DoubleClick amid privacy and antitrust questions. (July 17)
Federal Trade Commission Approves Microsoft's Acquisition of aQuantive: The Federal Trade Commission has approved Microsoft's $6 billion acquisition of Internet advertising firm aQuantive. When reviewing mergers and acquisitions, the FTC has a 30-day Hart-Scott-Rodino Act waiting period. This period elapsed without the FTC seeking a "second request" from the two companies, which means the FTC has approved the deal. FTC has made a "second request" in its review of Google's merger with DoubleClick (the world’s largest Internet advertising technology firm). According to FTC Chair Majoras's statement (pdf) on the merger review process, "the majority of investigations in which the FTC issued a second request resulted in a merger challenge, consent order, or modification to the transaction, suggesting that the FTC generally issues second requests only when there is a strong possibility that some aspect of the investigation would violate the antitrust laws." (July 9)
European Commission Opens Inquiry into Google/DoubleClick Merger: The European Commission Directorate on Competition will review Google's $3.1 billion merger with internet advertising company DoubleClick. The news comes a few days after European consumer group BEUC sent a letter (pdf) urging Commission to investigate the merger. The Article 29 Data Protection Working Party recently expanded (pdf) an investigation of Google's data retention policies to include the policies of all search engines. The U.S. Federal Trade Commission also is reviewing the merger. (July 6)
European Consumer Groups Urge European Commission to Investigate Google: In a letter (pdf) to the European Commission, consumer organizations, including BEUC, urged an investigation into the proposed merger of Google and DoubleClick. This merger means that "Google could monopolize the on-line advertising business, thereby restricting competition and raising privacy concerns over control of consumer data," the groups said. The situation is unique because, "Never before has one single company had the market and technological power to collect and exploit so much information about what a user does on the Internet." The merger's privacy and antitrust issues have been highlighted in an FTC complaint (pdf) by EPIC, CDD and U.S. PIRG, and a letter (pdf) from the New York State Consumer Protection Board. The Article 29 Data Protection Working Party has expanded (pdf) an investigation of Google to include the data retention policies of all search engines. (July 2)
FTC to Hold Town Hall Meetings on Behavioral Targeting: In a response (pdf) to a complaint (pdf) filed by CDD and US PIRG in November, the Federal Trade Commission announced that it "will hold at least one Town Hall meeting to learn more about behavioral targeting and related consumer protection issues." CDD and US PIRG's complaint urged the FTC to immediately begin investigating online advertising practices. "The data collection and interactive marketing system that is shaping the entire U.S. electronic marketplace is being built to aggressively track Internet users wherever they go, creating data profiles used in ever-more sophisticated and personalized "one-to-one" targeting schemes," the groups said. (June 22)
European Privacy Agency Expands Probe to All Search Engines: The Article 29 Data Protection Working Party has announced (pdf) that it will expand its initial investigation (pdf) into Google's privacy practices, specifically its retention of personal information. The Working Party will now review "search engines in general, and scrutinize their activities from a data protection point of view, because this issue affects an ever growing number of users." In response to the Working Party's investigation, earlier this month, Google announced (pdf) that it will soon retain user data for a maximum of 18 months. The company previously announced that it would begin retaining user data for a maximum of 18 to 24 months, but the company continues to operate under its policy of retaining the information indefinitely. (June 22)
Google Easily Tops List of U.S. Search Providers: Nielsen/Netratings announced (pdf) its May U.S. Search Share Rankings and Google again tops the list, with a 56.3 percent share of U.S. searches. Yahoo was a distant second with 21.5 percent; MSN had 8.4 percent, AOL had 5.3 percent, and Ask.com had 2.0 percent. The other companies listed in the Top 10 (My Web, Comcast, EarthLink, BellSouth, and Dogpile.com) all had less than one percent share. EPIC, CDD and US PIRG have filed a complaint (pdf) and a supplement (pdf) with the Federal Trade Commission explaining the need for the Commission to consider consumer privacy interests in the context of a merger review involving the Internet's largest search profiling company and the Internet's largest targeted advertising company, DoubleClick. (June 21)
Microsoft and Yahoo Acquisitions Also Under FTC Review: The FTC is reviewing two more large online-ad deals. Microsoft has bid $6 billion for digital maketing firm aQuantive, and Yahoo paid $680 million for the 80% of ad-exchange operator Right Media Inc. that Yahoo didn't already own. Microsoft and Yahoo are undergoing the initial FTC reviews under the Hart-Scott-Rodino antitrust law, but have not been asked to submit more information for a "second request." FTC is currently investigating Google's merger with DoubleClick (the world’s largest Internet advertising technology firm) and has made a "second request" in that review. According to FTC Chair Majoras's statement (pdf) on the merger review process, "the majority of investigations in which the FTC issued a second request resulted in a merger challenge, consent order, or modification to the transaction, suggesting that the FTC generally issues second requests only when there is a strong possibility that some aspect of the investigation would violate the antitrust laws." (June 15)
Google Cuts Retention Time, But Privacy Problems Remain: Google will cut the period that it retains user data from a maximum of 24 months to a maximum of 18 months, the company said in a letter (pdf) to the Article 29 Data Protection Working Party. Last month, the Working Party began to investigate (pdf) Google's privacy practices and asked whether the company has "fulfilled all the necessary requirements" to abide by EU privacy rules. In its letter, Google did not adequately explain why it needed to retain user data for 18 or 24 months, except to vaguely say that the data would help Google build new services, possibly help prevent fraud and abuse, and that the U.S. and EU member states might impose a 24-month retention requirement. Privacy International has ranked Google's privacy policies dead last among 23 top Internet companies, including AOL and Microsoft. For more information see EPIC's page on International Data Retention. (June 12)
Google Ranks Dead Last on Privacy Among Top Net Companies, Privacy International Reports: In a report released Saturday, Privacy International assigned Google its lowest possible grade, finding the company's privacy practices are the worst among Internet service companies. Not one of the other 22 companies surveyed (including AOL, Microsoft and Yahoo) "comes close to achieving status as an endemic threat to privacy" as Google, said Privacy International. The group cited the privacy issues raised by the Google/DoubleClick merger, which have been highlighted by in an FTC complaint (pdf) by EPIC, CDD and US PIRG, and a letter (pdf) from the New York State Consumer Protection Board. The Article 29 Data Protection Working Party has launched an investigation (pdf) into Google's data retention policies. (June 11)
Privacy Groups File Amended Complaint with FTC Regarding Google/DoubleClick Merger: EPIC, CDD, and US PIRG today filed a supplement (pdf) to the groups' original complaint (pdf) with the Federal Trade Commission (FTC) concerning the Google/DoubleClick merger. The new complaint explains the need for the FTC to consider consumer privacy interests in the context of a merger review involving the Internet's largest search profiling company and the Internet's largest targeted advertising company. The complaint provides additional evidence about Google and DoubleClick's business practices that fail to comply with generally accepted privacy safeguards, and proposes further steps that the Commission should take if the merger is to be approved. (June 6)
SEC Filing Reveals Google Subject to "Second Request" - Challenge, Order or Modification to Acquistion of Doubleclick Under Consideration: A recent filing with the Security and Exchange Commission indicates that the FTC "has issued a request for additional information and documentary materials regarding the proposed acquisition of" Doubleclick. According to FTC Chair Majoras's statement (pdf) on the merger review process, "the majority of investigations in which the FTC issued a second request resulted in a merger challenge, consent order, or modification to the transaction, suggesting that the FTC generally issues second requests only when there is a strong possibility that some aspect of the investigation would violate the antitrust laws." On April 20, EPIC, CDD and U.S. PIRG filed a complaint (pdf) with the FTC, requesting that the Commission open an investigation into the proposed acquisition. (May 30)
European Privacy Agency Opens Investigation Into Google: The Article 29 Data Protection Working Party has launched an investigation (pdf) into Google's privacy practices and specifically its retention of personal information. The Working Party has asked Google whether the company has "fulfilled all the necessary requirements" to abide by EU privacy rules. European Justice Commissioner Franco Frattini is backing the investigation. Last month EPIC filed a complaint (pdf) at the Federal Trade Commission recommending that that Commission block Google's proposed acquisition of online advertising company DoubleClick. EPIC said that Google has failed to establish basic privacy safeguards. The New York State Consumer Protection Board has also recommended (pdf) that that merger be blocked. (May 25)
New York State Consumer Protection Board endorses EPIC's Google/DoubleClick Complaint: The New York State Consumer Protection Board has sent a letter (pdf) to the FTC endorsing EPIC's recent complaint (pdf) regarding the privacy implications of the Google/DoubleClick merger. The Board stated, "[t]he combination of DoubleClick's Internet surfing history generated through consumers' pattern of clicking on specific advertisements, coupled with Google's database of consumers' past searches, will result in the creation of "super-profiles," which will make up the world's single largest repository of both personally and non-personally identifable information." The Board expressed concern that these profiles expose consumers to the risk of disclosure of their data to third-parties, as well as public disclosure as evidence in litigation or through data breaches. The Board urged the FTC to halt the merger until it has fully investigated Google's planned use of DoubleClick's data post-merger. (May 9)
DoubleClick Statement Regarding Data Ownership: On April 20, DoubleClick released a statement regarding data ownership in response to EPIC's complaint (pdf) with the FTC. DoubleClick stated that the data collected by its online display advertising technology (DART) could not be used by Google, or combined with information owned by Google. DoubleClick stated that such collected information belongs to DoubleClick's clients and not to DoubleClick. (April 20)
EPIC Files Complaint With FTC Regarding Google/DoubleClick Merger: On April 20, EPIC filed a complaint (pdf) with the Federal Trade Commission (FTC), urging the Commission to open an investigation into the proposed acquisition, specifically with regard to the ability of Google to record, analyze, track, and profile the activities of Internet users with data that is both personally identifiable and data that is not personally identifiable. EPIC further urged the FTC to require Google to publicly present a plan to comply with well-established government and industry privacy standards such as the OECD Privacy Guidelines. Pending the resolution of these and other issues, EPIC encouraged the FTC to halt the acquisition. (April 20)
Google Announces Agreement to Acquire DoubleClick: Google has announced an agreement to acquire online advertising giant DoubleClick, Inc. for $3.1 billion. See Google's Press Release on the agreement. Google has already expressed an intent to merge data from Google and DoubleClick to profile and target Internet users. (April 13, 2007)

EPIC's Complaint

On April 20, 2007, EPIC, CDD, and US PIRG filed a complaint (pdf) with the Federal Trade Commission (FTC), urging the Commission to open an investigation into the proposed acquisition of DoubleClick by Google. The groups urged the FTC to assesses the ability of Google to record, analyze, track, and profile the activities of Internet users with data that is both personally identifiable and data that is not personally identifiable. The groups stressed that the increased collection of personal information of Internet users by Internet advertisers poses far-reaching privacy concerns that the FTC should address. The groups further noted that Google fails to follow previously agreed upon standards for online advertising conduct, and urged the FTC to to require Google to publicly present a plan to comply with these standards. Pending the resolution of these and other issues, EPIC encouraged the FTC to halt the acquisition.

EPIC's June 2007 Supplement to the Original Complaint

On June 6, 2007, EPIC, CDD, and US PIRG filed a supplement (pdf) to the groups' original complaint (pdf) with the Federal Trade Commission (FTC) concerning the Google/DoubleClick merger. The new complaint explains the need for the FTC to consider consumer privacy interests in the context of a merger review involving the Internet's largest search profiling company and the Internet's largest targeted advertising company. The complaint provides additional evidence about Google and DoubleClick's business practices that fail to comply with generally accepted privacy safeguards, and proposes further steps that the Commission should take if the merger is to be approved.

EPIC's September 2007 Supplement to the Original Complaint

On September 17, 2007, at the National Press Club, EPIC, the Center for Digital Democracy, and US PIRG announced a second supplement (pdf) to the groups' original complaint (pdf) and subsequent supplement (pdf) with the FTC concerning the proposed Google-DoubleClick merger. The amended complaint detailed new facts supporting the position that "Google and DoubleClick have engaged in unfair and deceptive trade practices in violation of Section 5 of the Federal Trade Commission Act [. . . and] Google and DoubleClick have failed to establish adequate privacy safeguards to protect the interests of Internet users." The groups said, "[P]ending the establishment in fact of such protection, the Commission should block the proposed merger."

FTC Authority to Act

The FTC's primary enforcement authority with regards to privacy is derived from 15 U.S.C. § 45, commonly known as section 5 of the Federal Trade Commission Act (FTCA). Section 5 of the FTCA allows the FTC to investigate "unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce." Although this law does not grant the FTC specific authority to protect privacy, over the last number of years it has been used to bring public attention to significant privacy issues and to provide a legal basis so as to reform business activities that threaten consumer privacy.

Antitrust Experts on Privacy Review by FTC

"Some commentators believe that antitrust policymakers should not be concerned with these fundamental issues of privacy, and merely be content to limit their review to traditional questions of effects on advertising rates. We disagree. The antitrust laws were written more than a century ago out of a concern with the effects of undue concentrations of economic power for our society as a whole, and not just merely their effects on consumers’ pocketbooks. No one concerned with antitrust policy should stand idly by if industry consolidation jeopardizes the vital privacy interests of our ciitzens so essential to our democracy." Sen. Herb Kohl (PDF) at a hearing on "An Examination of the Google-DoubleClick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy?," September 27, 2007.

"Albert A. Foer, president of the American Antitrust Institute, said the government has historically avoided taking non-competition issues into account when reviewing mergers. Still, he noted that the FTC is a consumer protection agency and may 'very well' be interested in hearing privacy concerns."Albert A. Foer, president of the American Antitrust Institute. Alexei Alexis, FTC Exam of Google-DoubleClick Deal Should Order Use of ‘Opt-In’ Data Policy, Groups Say, Electronic Commerce & Law, Vol. 12, No. 24, June 13, 2007.

"The issues [antitrust and privacy] are not unrelated, in that one of the claims of the opponents of the deal is that giving the combined entity access to the data gathered by both companies not only creates a privacy problem, but also creates a barrier to entry to others who want to compete in the Internet advertising business." Brokerage Stifel, Nicolaus & Company, Inc. Google-DoubleClick Goes to the FTC: Approval Still Looks Likely, But Potential for Privacy Conditions Rises (PDF), Washington Telecom, Media, & Tech Insider, June 1, 2007.

"The privacy concern is, 'Will one entity have so much control that the information is going to be centralized?,' " said Andrew Klevorn, an antitrust attorney with Eimer Stahl in Chicago. "Will they have too much informational power?" Google comes under scrutiny, San Francisco Chronicle, May 30, 2007.

"The privacy issue is also the competitive issue," said Blair Levin, an analyst at brokerage Stifel, Nicolaus. "The biggest barrier to entry is not money or engineers or the networks, but the information on the behavior of people on the Internet." FTC study of Google purchase may focus on privacy, Los Angeles Times, May 30, 2007.

"The combination of DoubleClick's Internet surfing history generated through consumers' pattern of clicking on specific advertisements, coupled with Google's database of consumers' past searches, will result in the creation of 'super-profiles,' which will make up the world's single largest repository of both personally and non-personally identifiable information," Mindy Bockstein, executive director of the NY State Consumer Protection Board. "In the best interest of consumers, we call for a halt to the merger until the Federal Trade Commission ("FTC") has fully investigated Google's planned use of the data post-merger." Letter from NY State Consumer Protection Board to FTC Urging Delay of Google/Doubleclick Merger (PDF), May 1, 2007.

"We think antitrust authorities should take a hard look at this deal and the implications," said Jim Cicconi, senior executive vice president for external affairs at AT&T. “If any one company gets a hammerlock on the online advertising space, as Google seems to be trying to do, that is worrisome." Microsoft Urges Review of Google-DoubleClick Deal, New York Times, April 16, 2007.

"This proposed acquisition raises serious competition and privacy concerns in that it gives the Google-DoubleClick combination unprecedented control in the delivery of online advertising and access to a huge amount of consumer information by tracking what customers do online," Microsoft General Counsel Brad Smith said. "We think this merger deserves close scrutiny from regulatory authorities to ensure a competitive online-advertising market." Companies want scrutiny of Google-DoubleClick deal, CNet News.com, April 15, 2007.

"Today, just a very few telecom giants have an enormous amount of personal information on virtually every American's phone calls. As the market concentrates, the threat to our privacy grows. These considerations should be paramount to all of us who have the responsibility to review these mergers," Sen. Herbert Kohl, Chairman of the Subcommittee on Antitrust, Competition Policy and Consumer Rights of the Senate Judiciary Committee. Statement of the Honorable Herbert Kohl at a Hearing on AT&T/BellSouth Merger, June 22, 2006.

Impact of Search Engines

Internet search engines, such as those offered by Google, Yahoo, and Microsoft, are the primary means by which individuals access content on the Internet. Search terms entered into the main Google search engine alone may reveal a plethora of personal information such as an individual's medical issues, associations, religious beliefs, political preferences, sexual orientation, and investments monitored. In 2005, more than 60 million American adults used search engines on a typical day. The number is no doubt much higher today.

FTC Review of EPIC DoubleClick Complaint (2000 - 2001)

The Federal Trade Commission has previously investigated DoubleClick Inc. for violations of the Federal Trade Commission Act. On February 10, 2000, EPIC filed a complaint with the FTC concerning the information collection practices of DoubleClick. EPIC alleged that DoubleClick was unlawfully tracking the online activities of Internet users and combining surfing records with detailed personal profiles contained in a national marketing database. EPIC asked the FTC to investigate the practices of the company, to destroy all records wrongfully obtained, to invoke civil penalties, and to enjoin the firm from violating the Federal Trade Commission Act. On February 14, 2000, DoubleClick revealed in a document filed with the Securities and Exchange Commission that the FTC was investigating the company's privacy practices.

On March 2, 2000, DoubleClick CEO Kevin O'Connor released a statement that said that the company made a "mistake by planning to merge names with anonymous user activity across Web sites in the absence of government and industry privacy standards."' The FTC investigation into the company's privacy practices continued.

On January 22, 2001, the FTC released a letter announcing that it had closed its investigation of DoubleClick. The letter listed a number of commitments DoubleClick agreed to make, including a commitment to abide by the NAI Privacy Principles.

Google's Business Practices

Google operates the largest Internet search engine in the United States. According to a comScore press release, Google captured almost 50% of the U.S. search engine market in March 2007, with approximately 3.5 billion search queries were performed on Google web sites. Google's services include:

Google search: any search term a user enters into Google;
Google Desktop: an index of the user's computer files, e-mails, music, photos, chat, and web browser history;
Google Talk: instant-message chats between users;
Google Maps: address information requested, often including the user's home address for use in obtaining directions;
Google Mail (Gmail): a user's e-mail history, with default settings set to retain e-mails "forever";
Google Calendar: a user's schedule as inputted by the user;
Google Orkut: social networking tool storing personal information such as name, location, relationship status, etc.;
Google Reader: which ATOM/RSS feeds a user reads;
Google Video/YouTube: videos watched by user;
Google Checkout: credit card/payment information for use on other sites.

Google stores its users' search terms in connection with their Internet Protocol (IP) address, a unique string of numbers that identifies each individual computer connected to the Internet. When a user enters a search term into Google's search engine, Google's servers automatically log the user's web request, IP address, browser type, browser language, the date and time of the request and one or more cookies that may uniquely identify the user's browser. As a user's Web request includes the requested search term, Google's logs link a user's personally-identifiable IP address with their search terms. A January 2006 poll of 1,000 Google users found that 89% of respondents think their search terms are kept private, and 77% believed that Google searches do not reveal their personal identities. These numbers indicate that Google's practices violate the public's expectation of privacy with respect to the collection and use of search history data. Though Google tracks its users' search activity in connection with their IP address, Google does not currently use this data to engage in behavioral targeting.

DoubleClick's Business Practices

DoubleClick is a leading provider of Internet-based advertising. The company places advertising messages on Web sites. DoubleClick reaches an estimated 80 to 85 percent of the users of Internet. Its customers include Time Warner's AOL and Viacom's MTV Networks.

DoubleClick tracks the individual Internet users who receive ads served through DoubleClick. When a user is first "served" an ad, DoubleClick assigns the user a unique number and records that number in a "cookie" file stored on the user's computer. As that user subsequently visits other Web sites on which DoubleClick serves ads, he or she is identified and recorded as having viewed each ad. DoubleClick stores a user's history for two years. Using the unique numbers contained in cookies, DoubleClick's "DART" (Dynamic, Advertising, Reporting, and Targeting) technology enables advertisers to target and deliver ads to Web users based on pre-selected criteria.

Google and Privacy

According to comScore, three out of every 10 (30.1 percent) of U.S. Internet users streamed video from YouTube.com, recently acquired by Google, in March 2007 alone. YouTube Chief Marketing Officer Suzie Reider recently revealed that YouTube will expand the amount of user demographic data it retains later this year. Reider stated, "We'll never have had [sic] that much data about that much content. [. . .] By Q3 we'll have a tremendous amount of metrics and data around every video. There's lots you can glean from looking at who's looking at what. It's a real-time focus group that happens all day, every day." (quote from AdAge).

European Review of Google Merger

On May 16, 2007, the European Union's Article 29 Data Protection Working Party launched an investigation into Google's privacy practices. In a letter (pdf) to Google, chair of the Article 29 Working Party, Peter Schaar asked whether the company has "fulfilled all the necessary requirements" to abide by EU privacy rules. Mr. Schaar explained, "As you are aware, server logs are information that can be linked to an identified or identifiable natural person and can, therefore, be considered personal data in the meaning of Data Protection Directive 95/46/EC. For that reason, their collection and storage must respect data protection rules." EU Directive 95/46/EC states that individuals' personal information can only be collected for "specified, explicit and legitimate purposes." Information that is collected can only be kept in identifiable form for as long as is "necessary for the purposes for which the data were collected or for which they are further processed."

Earlier this year, Google announced that it was changing its privacy policy, and would maintain user-specific information from Web searches for a period of 18 to 24 months. Google previously stored this information for as long as it was useful. After the 18- to 24-month period, the company claims that it will obscure the data, making it more difficult to identify individuals. This change "does not seem to meet the requirements of the European legal data protection framework," Mr. Schaar wrote. The Working Party requested a detailed explanation from Google as to 1) "why this long storage period was chosen" for the server logs, 2) "the purposes for which server logs need to be kept," and 3) "Google's legal justification for the storage of server logs in general." Also, the Working Party questioned whether the 30-year lifetime of the "Google cookie," which tracks users, "goes beyond what seems to be 'strictly necessary' for the provision of the service."

Mr. Schaar pointed to the "Resolution on Privacy Protection and Search Engines," (pdf) which urged data minimization and addressed several issues with regard to server logs and the detailed profiling of users. "The Article 29 Working Party fully supports this Resolution and would appreciate the detailed views of Google on the steps which it has taken to fully implement its recommendations." The Working Party will discuss the investigation into Google's privacy practices at its meeting in June and requested that the company respond before then. European Justice Commissioner Franco Frattini is backing the investigation.

In a September 26, 2007 letter to the European Commissioner for Competition, the Data Protection Commissioner of the German federal state of Schleswig-Holstein urged the rejection of the proposed Google-DoubleClick merger. "At present we have to assume that in the event of a takeover of DoubleClick the databases of that company will be integrated into those of Google, with the result that fundamental provisions of the European Data Protection Directive will be violated," said Thilo Weichert.

The European Parliament will hold a hearing on the proposed Google-DoubleClick merger on January 21, 2008. EPIC has been invited to testify.

FTC Review of EPIC Microsoft Passport Complaint (2001 - 2002)

On July 26, 2001, EPIC and twelve organizations submitted a complaint (pdf) to the FTC, detailing serious privacy implications of Microsoft Windows XP and Microsoft Passport. The complaint alleged that Microsoft “has engaged, and is engaging, in unfair and deceptive trade practices intended to profile, track, and monitor millions of Internet users,” and that the company's collection and use of personal information violated Section 5 of the Federal Trade Commission Act.

After Microsoft announced a series of changes to Windows XP and Passport in response to the complaint, EPIC et al. submitted a supplement (pdf) to the FTC further detailing specific ways Microsoft XP and Passport would harm consumer interests.

The privacy and security risks outlined in the complaint were: facilitation of online profiling through a sign on requirement into Passport in order to view web content; covert sharing of consumer's personal information within the MSN network; an increase in the amount of unsolicited commercial e-mail from the sharing of e-mail addresses within the MSN network (with no option for the consumer to opt-out of such a system); and Microsoft's failure to establish adequate security standards to ensure that personal information held by Microsoft, such as credit card data, were protected from disclosure to a third party.

In August 2002, the FTC announced a settlement in its privacy enforcement action against Microsoft. The settlement required that Microsoft establish a comprehensive information security program for Passport, and prohibited any misrepresentation of its practices regarding information collection and usage.

The agreement was significant because the FTC did not uncover any security breaches, but acted nonetheless based on the potential for a security problem. This action demonstrated that the FTC has the authority to protect online privacy, and that the commission will hold companies to a very high standard in their representations to consumers about privacy policies. Since the FTC settlement of the EPIC complaint against Passport, industry groups have moved toward decentralized
identity systems that are more robust, provide more security, and are better for privacy. For more information, see EPIC's page on Microsoft Passport Investigation Docket.

FTC Review of EPIC ChoicePoint Complaint (2004-2006)

In December 2004, EPIC filed a complaint with the Federal Trade Commission against databroker ChoicePoint. EPIC urged the agency to investigate the compilation and sale of personal dossiers by data brokers such as ChoicePoint. EPIC argued that the dossiers may constitute "consumer reports" for purposes of the Fair Credit Reporting Act, thus subjecting both the information seller and the buyer to regulation under the Act. Furthermore, EPIC argued that it is incumbent upon the Commission to analyze whether the sale of these dossiers circumvents the Act, giving businesses, private investigators, and law enforcement access to data that previously had been subjected to Fair Information Practices.

In February 2005, EPIC supplemented the ChoicePoint complaint and raised three additional issues relevant to the rise of commercial databrokers. First, an article written by Robert O'Harrow Jr. of the Washington Post quoted ChoicePoint representatives saying that the company acts like an "intelligence agency" and that the data industry should be subject to new regulations because of how personal information is being used. O'Harrow's article demonstrated the reliance on commercial data brokers for decision-making, and the growing importance that the brokers' data be accurate and their practices accountable to the public. Second, the letter included a dialogue from Declan McCullagh's Politechbot.com mailing list concerning the December 2004 complaint. A list message from a private investigator who uses ChoicePoint noted that the company maintains an audit trail of clients who access personal information. The EPIC supplement points out that law enforcement users are not subject to the audit trails, and that EPIC is unaware of a single case where a commercial databroker has turned in a user for prosecution as a result of an audit showing prohibited use of the service. Last, the EPIC supplement included a transcript of a recent television broadcast, "Someone's Watching," that aired on Dec. 18, 2004, on the Discovery Times Channel. The broadcast shows two private investigators using a commercial databroker to access a stranger's Social Security Number, employment details, and other information without any legal justification.

In 2005, based on the EPIC complaint, the FTC alleged (pdf) that ChoicePoint did not have reasonable procedures to screen and verify prospective businesses for lawful purposes and as a result compromised the personal financial records of more than 163,000 customers in its database. Because of this breach, the FTC alleged that ChoicePoint violated the Fair Credit Reporting Act by furnishing the financial records to subscribers that did not have a permissible purpose to obtain them. The FTC additionally alleged that ChoicePoint engaged in unfair or deceptive practices in violation of Section 5 of the Federal Trade Commission Act.

In January 2006, the FTC announced a settlement (pdf) with ChoicePoint, requiring the company to pay $10 million in civil penalties and provide $5 millions for consumer redress. It is the largest civil penalty in FTC history. ChoicePoint was also required to verify, "(1) the business identity of the subscriber, and (2) that the subscriber is a legitimate business engaged in the business certified and has a permissible purpose for obtaining consumer reports." The FTC also required ChoicePoint to establish, implement, and maintain "a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of the personal information it collects from or about consumers."

Additional Parties to the Complaint

Center for Digital Democracy
The Center for Digital Democracy (CDD) is a nonprofit organization working to ensure that the digital media systems serve the public interest. CDD is committed to preserving the openness and diversity of the Internet in the broadband era, and to realizing the full potential of digital communications through the development and encouragement of noncommercial, public interest programming. For more information on CDD's position on the Google/DoubleClick merger, visit CDD's Jeff Chester's blog entries on the subject.

U.S. Public Interest Research Group
The U.S. Public Research Group (U.S. PIRG) serves as both the federal advocacy office for and the federation of non-profit, non-partisan state Public Interest Research Groups, with over one million members nationwide. U.S. PIRG is a strong supporter of fair, competitive marketplace practices, including compliance with the OECD Guidelines for the Protection of Privacy.

Resources

European Commission Directorate on Competition, Press Release, Mergers: Commission clears proposed acquisition of DoubleClick by Google, March 11, 2008.
Peter Swire, Center for American Progress, Video, "What Happens to Your Information?" February 11, 2008.
Marc Rotenberg, EPIC, Testimony (PDF) Before the European Parliament on Proposed Google/DoubleClick Merger, January 21, 2008.
Marc Rotenberg, EPIC, Statement (PDF) in Response to FTC Opinion Approving the Google-DoubleClick Proposed Merger, December 21, 2007.
Commissioner Pamela Jones Harbour, Dissent (PDF) from FTC Opinion Approving the Google-DoubleClick Proposed Merger, December 21, 2007.
Federal Trade Commission, 4-1 Opinion (PDF) Approving the Google-DoubleClick Proposed Merger, December 21, 2007.
Marc Rotenberg, EPIC, and Jeff Chester, CDD, Statement in Response to FTC Chairman Majoras's Refusal to Recuse Herself From Review of Google-DoubleClick Proposed Merger (PDF), December 15, 2007
Chairman Deborah Platt Majoras, Federal Trade Commission, Response to EPIC/CDD Motion to Disqualify FTC Chairman Majoras From Pending Review of Google-DoubleClick Proposed Merger, December 14, 2007
Marc Rotenberg, EPIC, and Jeff Chester, CDD, Supplement to Motion to Disqualify FTC Chairman Deborah Platt Majoras From Pending Review of Google-DoubleClick Proposed Merger (PDF), December 13, 2007.
Marc Rotenberg, EPIC, and Jeff Chester, CDD, Motion to Disqualify FTC Chairman Deborah Platt Majoras From Pending Review of Google-DoubleClick Proposed Merger (PDF), December 12, 2007.
Rep. Joe Barton, Letter to Google Requesting Answers Concerning Privacy Questions of Its Proposed Merger with DoubleClick, December 12, 2007.
Senators Herb Kohl and Orrin Hatch, Chairman and Ranking Member of the Subcommittee on Antitrust, Competition Policy and Consumer Rights of the Senate Judiciary Committee, Letter urging FTC to give "serious scrutiny" to privacy and antitrust aspects of proposed Google-DoubleClick merger (PDF), November 19. 2007.
European Commission Directorate on Competition, Page on Investigation of Proposed Google-DoubleClick Merger.
European Commission Directorate on Competition, Press Release, Mergers: Commission opens in-depth investigation into Google's proposed take over of DoubleClick, November 13, 2007.
Twelve Republican Members of Congress, Letter requesting a hearing on the privacy aspects of the proposed Google/DoubleClick merger (PDF), November 6. 2007.
Center for Digital Democracy and US PIRG, Press Release, Consumer Groups Renew Call for FTC Action to Protect Consumers from Harmful Interactive Marketing Practices, including Behavioral Profiling, November 1, 2007.
EPIC, Letter to the House Subcommittee on Financial Services and General Government urging the committee to monitor the FTC review of the proposed merger (PDF), October 26, 2007.
Representative Ed Towns, member of the U.S. House Committee on Energy and Commerce, Letter to FTC Chairman Deborah Platt Majoras urging a critical review of the proposed Google-DoubleClick merger (PDF), October 26, 2007.
Peter Swire, Protecting Consumers: Privacy Matters in Antitrust Analysis, analysis of online behavioral targeting, October 19, 2007.
Thilo Weichert, Data Protection Commissioner of the German federal state of Schleswig-Holstein, Letter to the European Commissioner for Competition urging the rejection of the proposed Google-DoubleClick merger, September 26, 2007.
Marc Rotenberg, EPIC, Testimony Before the Senate Judiciary Committee on Proposed Google/DoubleClick Merger (PDF), September 27, 2007.
Marc Rotenberg, President, EPIC, Letter to Financial Times, "Google's proposals on internet privacy do not go far enough," September 23, 2007.
EPIC, CDD, U.S. PIRG., Second Supplement to Original Complaint to the FTC Concerning Google/DoubleClick Merger (PDF), September 17, 2007.
Canadian Internet Policy and Public Interest Clinic, Request for Audit of Google Inc. and DoubleClick Inc. (PDF), September 17, 2007.
Jeff Chester, Center for Digital Democracy, Google's DoubleClick Takeover: Double Data-Dealing (DOC), Comments at the National Press Club, September 17, 2007.
Google Posting, Call for global privacy standards, Official Google Public Policy Blog, September 14, 2007.
Australian Competition and Consumer Commission, Letter to Online Publishers, Digital Agencies and Other Internet Service Groups Asking for Opinions on the Effect Proposed Google-DoubleClick Merger Would Have in the Australian Market (PDF), August 27, 2007.
Canadian Internet Policy and Public Interest Clinic, Section 9 Application for an Inquiry into the Proposed Merger of Google, Inc. and DoubleClick Inc. (PDF), August 2, 2007.
Canadian Internet Policy and Public Interest Clinic, Press Release (PDF), CIPPIC calls on Competition Commissioner to review Google-DoubleClick merger, August 2, 2007.
Microsoft and Ask.com, Press Release, Microsoft and Ask.com Call on Industry to Join Together to Evolve Privacy Protections for Consumers, July 22, 2007.
Googleopoly: The Google-DoubleClick Anti-Competitive Case, Scott Cleland, President, Precursor LLC -- A Techcom Industry Research and Consulting Firm, July 17, 2007.
Letter from European Consumer Groups to the European Commission Urging an Investigation of Google/DoubleClick merger (PDF), June 27, 2007.
Google Posting, Why we're buying DoubleClick, Official Google Blog, June 26, 2007.
Letter from FTC to CDD and U.S. PIRG Announcing Town Hall Meeting on Behavioral Targeting (PDF), June 21, 2007.
Press Release from Article 29 Data Protection Working Party Announcing Google Probe Will Expand to All Search Engines (PDF), June 21, 2007.
Google, Posting to Google Blog by Peter Fleischer, Global Privacy Counsel, How long should Google remember searches?, June 11, 2007.
Letter from Google to Article 29 Data Protection Working Party in Response to Working Party Investigation of Google's Privacy Practices (PDF), June 10, 2007.
Privacy International, A Race to the Bottom: Privacy Ranking of Internet Service Companies, June 9, 2007 (ranking Google dead last on privacy among top Internet companies).
EPIC, CDD, U.S. PIRG., Supplement to Original Complaint to the FTC Concerning Google/DoubleClick Merger (PDF), June 6, 2007.
Letter from Article 29 Data Protection Working Party to Google Opening an Investigation Into the Company's Privacy Practices (PDF), May 16, 2007.
Letter from NY State Consumer Protection Board to FTC Urging Delay of Google/Doubleclick Merger (PDF), May 1, 2007.
EPIC, CDD, U.S. PIRG., Complaint to the FTC Concerning Google/DoubleClick Merger (PDF), April 20, 2007.
Press Release, Google to Acquire DoubleClick, April 13, 2007.
Google FAQ, FAQ: Google Acquires DoubleClick (PDF), April 13, 2007.
TACD Statement on AOL-Time Warner Merger (PDF), February 2000 (discusses privacy issues involved in a merger between a large Internet Service Provider and a large media company).
EPIC's Gmail Privacy Page
Federal Trade Commission's page on Hart-Scott-Rodino Act pre-merger review .

Editorials on Google

Google's Paltry Privacy Proposal, BusinessWeek, October 12, 2007.
Why Yahoo, not Google, should drive your search, Chicago Tribune, October 12, 2007.
Don't give Google double the power, San Francisco Chronicle, October 3, 2007 .
Ultimate Internet gatekeeper?, Washington Times, September 30, 2007.
Who's afraid of Google?, Economist, August 30, 2007.
Googling 'Monopoly', Wall Street Journal, August 21, 2007.
Is It OK that Google Owns Us?, eWeek.com, June 17, 2007.
Google warrants an inquiry, FinancialTimes.com, June 13, 2007.
Watching Your Every Move, New York Times, June 13, 2007.
FTC obligated to set Internet standards, San Jose Mercury News, June 7, 2007.
An unsafe search, San Francisco Chronicle, June 5, 2007.

News Items

Google resolve crumbles on 'cookies' pledge, Financial Times, April 21, 2008.
Faces of Business 2007: Peter Fleischer, Google privacy counsel, San Francisco Chronicle, December 30, 2007.
Google Replies to Lawmaker's Questions on Privacy, IDG News Service, December 24, 2007.
Antitrust regulators approve Google's DoubleClick purchase, San Francisco Chronicle, December 21, 2007.
Google's DoubleClick deal brings focus on privacy, IDG News Service, December 21, 2007.
Google focuses on EU review, Associated Press, December 21, 2007.
FTC approves Google deal despite privacy concerns, Los Angeles Times, December 21, 2007.
Consumer group opposes Google deal with DoubleClick, Bloomberg, December 19, 2007.
Privacy Groups Pressure FTC to Watch Google, PC World, December 19, 2007.
Senators Want Careful Review Of Google-DoubleClick, CNNMoney.com, November 19, 2007.
Lawmakers urge Google/DoubleClick deal scrutiny, Reuters, November 19, 2007.
Google Hits European Hurdle on DoubleClick Deal, New York Times, November 13, 2007.
Brussels to investigate Google ad deal, Financial Times, November 13, 2007.
EC to investigate Google-DoubleClick deal, Computerworld, November 13, 2007.
EU extends review of Google/DoubleClick merger, CNet News.com, November 13, 2007.
The battle for control of the internet, Times Online, November 12, 2007.
DoubleClick Serves Up Vast Malware Blitz, eWeek.com, November 12, 2007.
F.T.C. to Review Online Ads and Privacy, New York Times, November 1, 2007.
Online Marketers Joining Internet Privacy Efforts, New York Times, October 31, 2007.
EC extends Google-DoubleClick probe, Reuters, October 23, 2007.
EU Examining Google-DoubleClick Bid, Associated Press, October 22, 2007.
EU inquiry deadline for Google buy of Doubleclick extended to Nov 13, Thomas Financial, October 22, 2007.
Google Tops Charts in Global Search, Computerworld, October 11, 2007.
Google Commands 60% of Global Searches, eWeek.com, October 11, 2007.
Google powers half the world's web searches, London Telegraph, October 11, 2007.
Data protection advocates protest against Google's DoubleClick deal, Heise Online, September 28, 2007.
Microsoft complains to senators about Google buying DoubleClick, San Francisco Chronicle, September 28, 2007.
Google Defends DoubleClick Deal As Benefit To Industry, MediaPost, September 28, 2007.
Google Defends the DoubleClick Deal, BusinessWeek, September 28, 2007.
If the Internet Is Just Tubes, Then Is Google a Pipeline?, PC Magazine, September 27, 2007.
Google looking at privacy protections for users, Reuters, September 27, 2007.
Google seeks European Union blessing of DoubleClick buy, Agence France Presse, Reuters, September 24, 2007.
Google's acquisition of DoubleClick spurs privacy fears, Inquirer, September 18, 2007.
Privacy groups: Google's call for standard not enough, Computerworld, September 17, 2007.
Google's Press for Global Privacy Fans Flames, MediaPost, September 17, 2007.
Google Calls for International Standards on Internet Privacy, Washington Post, September 15, 2007.
Google Posting, Call for global privacy standards, Official Google Public Policy Blog, September 14, 2007.
Google proposes global privacy standard, CNet News.com, September 13, 2007.
Watchdog examines Google bid, Sydney Morning Herald, September 6, 2007.
EU questions Google customers over DoubleClick, Reuters, September 6, 2007.
Internet Displaces Radio As Fourth Biggest Ad Medium, Media Daily News, August 31, 2007.
Inside the Googleplex, Economist, August 30, 2007.
Microsoft-Google Showdown Heats Up as Court Rule Ends, Bloomberg News, August 30, 2007.
Keynote Conversation With Marissa Mayer, Vice President, Search Products & User Experience at Google, Search Engine Roundtable, August 22, 2007.
Google's growth has come at a price, San Jose Mercury News, August 19, 2007.
Online ads to overtake US newspapers, Financial Times, August 7, 2007.
Antitrust now a battleground for Google and foes, Los Angeles Times, August 6, 2007.
Google and Privacy, International Business Times, August 4, 2007.
Canadian Policy Group Seeks Official Google/DoubleClick Review, MediaPost Publications, August 3, 2007.
Canadian group opposes Google-DoubleClick deal, CNet News.com, August 2, 2007.
Canadian Internet Policy and Public Interest Clinic, Press Release, CIPPIC calls on Competition Commissioner to review Google-DoubleClick merger, August 2, 2007 (pdf).
Video, Cell, Display Ads Get More Google Focus, CNN Money.com, August 2, 2007.
M&A volume surges on Google-Doubleclick transaction, 9:01 am, July 30, 2007.
Search engines race to update privacy policies, ZDNet News, July 23, 2007.
Web-Search Privacy Efforts Move to Forefront, Wall Street Journal, July 23, 2007.
Microsoft curtails how long it stores Web searches, Reuters, July 22, 2007.
Microsoft and Ask.com, Press Release, Microsoft and Ask.com Call on Industry to Join Together to Evolve Privacy Protections for Consumers, July 22, 2007.
Google Plans Search Service for Mobile Content, Wall Street Journal, July 17, 2007.
A Study in Contrasts: Yahoo and Google, New York Times, July 16, 2007.
Google hotly denies deception over links, Telegraph, , July 16, 2007.
Google cookie cut unlikely to satisfy privacy concerns, Platinax, July 16, 2007.
Google vs Australia and the forgotten Facebook lawsuit, Guardian Unlimited, July 16, 2007.
Google cookies will 'auto delete,' BBC News, July 16, 2007.
Google takes swipe at Viacom, Australian IT, July 16, 2007.
Google Knows All, Or Close Enough To Raise Concerns, Investor's Business Daily, July 16, 2007.
Google Keeps Top Search Spot in June, Associated Press, July 16, 2007.
Google Loses Search Share, Microsoft Gains, InformationWeek, July 16, 2007.
Taking the temperature on Google Health, CNet News.com, July 16, 2007.
ComScore: Google Sites Got 49.5% Of U.S. Searches In June, Dow Jones Newswires, July 16, 2007.
On the Record with Deborah Majoras, FTC Chairwoman, San Francisco Chronicle, July 15, 2007.
Google Web Search Is A Game-Changer In Advertising Field, Investor's Business Daily, July 13, 2007.
Yahoo Closes Right Media Deal, Associated Press, July 12, 2007.
Google buys e-mail security firm, International Herald Tribune, July 10, 2007.
Google Buys Online Security Firm Postini In $625 Mil Deal, Investor's Business Daily, July 9, 2007.
News Analysis: Marketers Eye Google In Web Privacy War, BrandWeek, July 9, 2007.
FTC Clears Microsoft's $6 Billion Deal For aQuantive, InformationWeek, July 9, 2007.
Google's Bid for DoubleClick to Be Reviewed by European Union, Bloomberg News, July 6, 2007.
European Union to look into Google's $3.1B DoubleClick deal, San Jose Mercury News, July 6, 2007.
Web search groups to yield on privacy, Financial Times, July 5, 2007.
Your television will soon be watching what you're watching, Sydney Morning Herald, July 5, 2007.
Yahoo's SmartAd Idea Raises Privacy Concerns, ABC News, July 4, 2007.
Google-DoubleClick Deal Draws Criticism, Associated Press, July 4, 2007.
BEUC calls for investigation into Google’s DoubleClick bid, Marketing Week UK, July 3, 2007.
Google's GrandCentral Buy Anticipates Web Voice Mail, PC Mag.com, July 3, 2007.
Online Customized Ads Move a Step Closer, New York Times, July 2, 2007.
Consumer group hits at Google $3bn move, Financial Times, July 2, 2007.
Net growth prompts privacy update, BBC News, June 30, 2007.
Google Explains Why It Bought DoubleClick, Internet Financial News, June 27, 2007.
Why we're buying DoubleClick, Official Google Blog, June 26, 2007.
Gov Regulators To Study, Not Regulate Online Marketing, Wired News, June 25, 2007.
EU data privacy adviser widens Google probe to all Internet search engines, Associated Press, June 21, 2007.
NetRatings Search Share: Google, Ask.com Up In May, MediaPost, June 21, 2007.
EU delays Google decision, Bloomberg News, June 20, 2007.
Is Google Too Big?, PC World, June 19, 2007.
Google deputy general counsel addresses privacy fears, San Jose Mercury News, June 17, 2007.
FTC Examines Web-Ad Deals Involving Microsoft, Yahoo, Wall Street Journal, June 14, 2007.
Google in a pickle over data retention, Technology Law, June 14, 2007.
Privacy Torments Google, Image and Data Manager, June 14, 2007.
EU Official Welcomes Google Privacy Move, Associated Press, June 13, 2007.
Google bows to privacy pressure from Europe, Times Online, June 12, 2007.
Google limits data retention in EU compromise, Reuters, June 12, 2007.
Google to limit data retention to 18 months, FinancialTimes.com, June 12, 2007.
Poor Privacy Grade Reflects Google's Growing Power, Wired News, June 12, 2007.
How long should Google remember searches?, Google Blog, Posted by Peter Fleischer, Global Privacy Counsel, June 11, 2007.
Google's e-mail for universities, BBC News, June 11, 2007.
Check Google Apps privacy, firms urged, ComputerWeekly.com, June 11, 2007.
Google's privacy policies worst on Web: watchdog, Associated Press, June 11, 2007.
Google’s year-long shopping spree in review, Computerworld New Zealand, June 11, 2007.
Privacy group demands apology from Google, Guardian Unlimited, June 11, 2007.
Privacy Group Claims Google Has An "Entrenched Hostility to Privacy," Wired News, June 11, 2007.
Watchdog Group Slams Google on Privacy, Associated Press, June 9, 2007.
Groups want limits on Google, San Francisco Chronicle, June 7, 2007.
Google/DoubleClick Deal Draws More Fire From Privacy Groups, MediaPost Publications, June 7, 2007.
Watchdogs Oppose $3.1B DoubleClick, Google Merger Plan (PDF), Congress Daily AM, June 7, 2007.
Getting Comfortable With Less Privacy, MediaPost Publications, June 4, 2007.
Internet powerhouse Google bets on lots of small businesses and new applications as it looks for ways to extend its reach, Boston Globe, June 4, 2007.
Driven by YouTube, Google Sites Account for 17 Percent of all Video Streams, comScore Press Release, June 4, 2007.
Google-DoubleClick Goes to the FTC: Approval Still Looks Likely, But Potential for Privacy Conditions Rises, Washington Telecom, Media, & Tech Insider, June 1, 2007 (pdf).
EU decision on Google data privacy months away, Reuters, May 31, 2007.
Google comes under scrutiny, San Francisco Chronicle, May 30, 2007.
FTC to Review Google Acquisition, Wall Street Journal, May 30, 2007.
Google CEO hopes DoubleClick deal closes by yr-end, Reuters, May 30, 2007.
Privacy concerns prompt inquiry into Google's £1.5bn purchase of DoubleClick, Guardian, May 30, 2007.
Google deal to get antitrust review, Los Angeles Times, May 30, 2007.
FTC does a DoubleClick double take, Bloomberg News, May 30, 2007.
Google chairman says privacy concerns won't scut