Since the next version of the privacychoice opt-out tool will incorporate integrated control of Flash cookies, we’ve developed internal tools to start monitoring the incidence of use of Flash cookies by tracking companies. It’s not news that use of Flash cookies has been widely embraced by ad networks; what is surprising is how few of them explain this in their privacy disclosures, or provide any guidance on how to delete or control them.
The most notable example of missing Flash-cookie disclosure comes from the biggest dog of all: Google’s DoubleClick subsidiary. We’re seeing their Flash cookie, googleads.g.doubleclick.net, on multiple test machines, which raises questions:
- If I expressly opt out using the regular DoubleClick browser cookie, and then that opt-out cookie is deleted for any reason, does DoubleClick reconnect my profile with the surviving Flash cookie? Why doesn’t Google just delete the Flash cookie as part of the normal opt-out process?
- Better yet, if Google is using Flash cookies to enhance the ad serving experience, why not set the user’s opt-out preference with a durable Flash cookie?
My guess is that DoubleClick’s Flash cookies are not used for interest gathering or ad targeting, but in the absence of a clear statement as to how they are used, consumers are left to wonder.