DoubleClick seems to be even less forthcoming about privacy than Google. I checked out their privacy policy, and here is a summary of what it says:
The only personal information DoubleClick collects is voluntarily provided by people and includes contact information from people who contacted DoubleClick and e-mail addresses of people who signed up for newsletters. (1) DoubleClick defines personal information as anything that can identify a particular person, including names, addresses, e-mail addresses, telephone numbers, social security numbers, credit card numbers, or bank account numbers. (2)
Non-personal information is collected through session cookies, persistent cookies, server logs, and Web beacons. DoubleClick considers ISPs, operating systems, browser types, and cookie IDs to be non-personal information. (2)
Session cookies are cookies that last only until a user closes his or her browser. DoubleClick uses session cookies when visitors reach their site through ads on other sites. The cookies track what site the user reached DoubleClick.com from and what ad they clicked on, so that DoubleClick can track the effectiveness of their advertising.
Persistent cookies are cookies that last over more than one browser session and are stored in the Cookies folder on a user’s computer. DoubleClick doesn’t go into much detail on how extensively it uses these on its site, but states that it uses data from them “to better understand how the website is used, resolve technical problems, and enhance your experience at this site.” (1)
DoubleClick also uses a specific type of persistent cookies called DART cookies to serve ads on other sites. The cookie gives each user a unique numerical identifier so that DoubleClick’s client sites can track what ads and sponsored search listings they click on in order to deliver personalized ads and gauge which ads are most successful. It is the clients, not DoubleClick, that decide how they will use cookie information to determine which ads to display. So, although DoubleClick makes clients promise never to use sensitive or personally-identifiable information to choose ads, (2) one never really knows what data the client sites are gathering about their users.
Thankfully, DoubleClick makes it easy for users to opt out of the DART cookies. By merely clicking a button on DoubleClick’s privacy page, a user can replace his or her DART cookie with an opt-out cookie. This opt-out cookie contains no unique numerical identifier, but it does track the user’s operating system, browser type, IP address, and local time. For users who have opted out, ads are targeted based only on the content of the client web page that the user is viewing. Simply deleting the DART cookie is not a good way of opting out, since each site that displays DoubleClick ads will search for a DoubleClick cookie and will set a new cookie if there isn’t already one. If a user clicks on the “opt-out” link, however, all sites that display DoubleClick ads will recognize the opt-out cookie and will not set any new cookies. (3)
Another way that DoubleClick collects information is through server logs, which track IP addresses and referring URLs so that DoubleClick can find out how people use its site. (1) The privacy policy doesn’t go into much more detail than this regarding server logs.
Finally, DoubleClick uses Web beacons, which they describe as “small strings of code that are placed in a Web page.” (1) I decided to do a little more research, and I found out that Web beacons are also known as “Web bugs” and are used to track users’ behavior on third-party sites. A Web bug is an image, usually transparent, that is displayed on a web site but resides on another site’s server. When a Web bug loads, the server where the image resides can log information about who views the bug, and therefore who views the third-party website. This information includes what one would expect to find in server logs, such as the user’s IP address, browser type, time of visit, and the URLs of the third-party site and the bug image. (4) So, for example, DoubleClick may place Web bugs on sites that it serves ads on. This would enable them to track how popular each site is, as well as (through IP addresses or cookies) which sites each individual views so that it can customize future ads to the individual based on his or her browsing history.
Towards the end of its privacy policy, DoubleClick states that it may share information with third parties if it has a contract with them to “provide some part of the information or service that you have requested.” (1) It also reminds users that personal information” may be subject to disclosure pursuant to judicial or other government subpoenas, warrants or orders.” (1) Finally, DoubleClick says that it takes “reasonable security measures in order to protect both personal and non-personal information from loss, misuse and unauthorized access, disclosure, alteration or destruction.” (1)
Sources:
1. “Privacy Policy for Information Use at This Website.” DoubleClick.com. 28 Aug. 2006. 23 Dec. 2007. <http://www.doubleclick.com/privacy/index.aspx>.
2. “FAQ.” DoubleClick.com. 23 Dec. 2007 <http://www.doubleclick.com/privacy/faq.aspx>.
3. “DART Ad-serving and Search Cookie Opt-Out.” DoubleClick.com. 23 Dec. 2007 <http://www.doubleclick.com/privacy/dart_adserving.aspx>.
4. Smith, Richard M. “The Web Bug FAQ.” EFF.org. 11 Nov. 1999. 23 Dec. 2007 <http://w2.eff.org/Privacy/Marketing/web_bug.html>.