Click here for Adobe Acrobat version
Click here for Microsoft Word version
Click here for Consent Decree
********************************************************
NOTICE
********************************************************
This document was converted from Microsoft Word.
Content from the original version of the document such as
headers, footers, footnotes, endnotes, graphics, and page numbers
will not show up in this text version.
All text attributes such as bold, italic, underlining, etc. from the
original document will not show up in this text version.
Features of the original document layout such as
columns, tables, line and letter spacing, pagination, and margins
will not be preserved in the text version.
If you need the complete document, download the
Microsoft Word or Adobe Acrobat version.
*****************************************************************
Media Contact:
Will Wiquist, (202) 418-0509
will.wiquist@fcc.gov
For Immediate Release
FCC SETTLES VERIZON "SUPERCOOKIE" PROBE,
REQUIRES CONSUMER OPT-IN FOR THIRD PARTIES
Verizon Wireless to Obtain Affirmative Consent from Consumers
Before Sending Unique Identifier Headers to Third Parties
WASHINGTON, March 7, 2016 – The Federal Communications Commission today announced a
settlement resolving an investigation into Verizon Wireless’s practice of inserting unique
identifier headers or so-called “supercookies” into its customers’ mobile Internet traffic without
their knowledge or consent. These unique, undeletable identifiers – referred to as UIDH – are
inserted into web traffic and used to identify customers in order to deliver targeted ads from
Verizon and other third parties. As a result of the investigation and settlement, Verizon Wireless
is notifying consumers about its targeted advertising programs, will obtain customers’ opt-in
consent before sharing UIDH with third parties, and will obtain customers’ opt-in or opt-out
consent before sharing UIDH internally within the Verizon corporate family.
“Consumers care about privacy and should have a say in how their personal information is used,
especially when it comes to who knows what they’re doing online,” said FCC Enforcement
Bureau Chief Travis LeBlanc. “Privacy and innovation are not incompatible. This agreement
shows that companies can offer meaningful transparency and consumer choice while at the same
time continuing to innovate. We would like to acknowledge Verizon Wireless’s cooperation
during the course of this investigation and its willingness to make changes to its practices for the
benefit of its customers.”
In December 2014, the FCC’s Enforcement Bureau launched an investigation into whether
Verizon Wireless failed to appropriately protect customer proprietary information and whether the
company failed to disclose accurate and adequate information regarding its insertion of UIDH into
consumer Internet traffic over its wireless network, in violation of the FCC’s 2010 Open Internet
Transparency Rule and Section 222 of the Communications Act. The Bureau’s investigation
found that Verizon Wireless began inserting UIDH into consumer Internet traffic as early as
December 2012, but failed to disclose this practice until October 2014.
After acknowledging its use of UIDH, Verizon Wireless asserted that third-party advertising
companies were unlikely to use these so-called “supercookies” to build consumer profiles or for
any other purpose. In January 2015, however, news reports claimed that a Verizon Wireless
advertising partner used UIDH for unauthorized purposes – restoring cookie IDs that users had
cleared from their browsers by associating them with Verizon Wireless’s UIDH, in effect
overriding customers’ privacy choices. The following month, Verizon Wireless acknowledged
the concerns raised by these news reports and committed to work with its partners to address the
issue.
It was not until late March 2015, over two years after Verizon Wireless first began inserting
UIDH, that the company updated its privacy policy to disclose its use of UIDH and began to offer
consumers the opportunity to opt-out of the insertion of unique identifier headers into their
Internet traffic.
Under the terms of the settlement, the company must also pay a fine of $1,350,000 and adopt a
three-year compliance plan.
Section 222 of the Communications Act imposes a duty on carriers to protect their customers’
proprietary information and use such information only for authorized purposes. It also expressly
prohibits carriers that obtain proprietary information from other carriers for the provision of
telecommunications services to use such information for any other purpose. Section 8.3 of the
Commission’s rules, known as the Open Internet Transparency Rule, requires every fixed and
mobile broadband Internet access provider to publicly disclose accurate information regarding the
network management practices, performance, and commercial terms of its broadband Internet
access services sufficient for consumers to make informed choices regarding use of such services
and for content, application, service, and device providers to develop, market, and maintain
Internet offerings.
Today’s settlement represents the second Open Internet enforcement action taken by the FCC. In
June 2015, the FCC proposed a $100 million fine against AT&T Mobility for misleading its
customers about the data speed limits on its so-called “unlimited” mobile data plans.
The Verizon Wireless Order and Consent Decree are available at:
https://apps.fcc.gov/edocs_public/attachmatch/DA-16-242A1.pdf.
###
Office of Media Relations: (202) 418-0500
TTY: (888) 835-5322
Twitter: @FCC
www.fcc.gov/office-media-relations
This is an unofficial announcement of Commission action. Release of the full text of a Commission order constitutes
official action. See MCI v. FCC, 515 F.2d 385 (D.C. Cir. 1974).