The company, in its settlement with the Federal Communications Commission, will also seek customer permission before internally sharing information gleaned by tracking its mobile customers using undeletable supercookies, the agency said Monday. The company will also pay a US$1.35 million fine for its use of the unique identifier headers, called UIDH or supercookies.
"Consumers care about privacy and should have a say in how their personal information is used, especially when it comes to who knows what they’re doing online," FCC Enforcement Bureau Chief Travis LeBlanc said in a statement. "Privacy and innovation are not incompatible."
The FCC, in December 2014, launched an investigation into Verizon's use of supercookies, with the agency looking into whether the company failed to adequately protect customer proprietary information and failed to disclose the practice.
The FCC’s investigation found that Verizon Wireless began inserting UIDH into consumer Internet traffic as early as December 2012, but failed to disclose the practice until October 2014.
The disclosure of the practice prompted three U.S. senators, in early 2015, to call for an investigation, although the FCC's inquiry had already started.
In early 2015, Verizon announced it would allow customers to opt out of the tracking. About the same time, news reports suggested a Verizon Wireless advertising partner had restored cookie IDs that users had cleared from their browsers by associating them with Verizon Wireless’ UIDH, in effect overriding customers’ privacy choices.
Verizon had made several changes to its privacy practices over the past year in an effort to give customers "even more options," Verizon spokesman Richard Young said by email. The settlement recognizes those changes, he added.
"Verizon gives customers choices about how we use their data, and we work hard to provide customers with clear, complete information to help them make decisions about our services," Young said.