Submitted by Marc Groman on September 29, 2014

When NAI is there, most definitely.  We understand the privacy challenges faced by our members and the brands they partner with.  In fact, here at NAI, we are working on them every day.

Companies big and small are looking to target across channels, formats, screens and platforms in an effort to reach consumers at every point in the purchase funnel.  Yet significant challenges remain for all companies to truly leverage data for effective and efficient marketing uses.  That includes first-party, third-party and even second-party data, not to mention a brand’s own CRM data.  The goal is to reach the right customers at the right time with the most relevant ad —perhaps even in the right location. 

A lot of the debate at AdWeek will center on next generation tracking and state maintenance as the utility and reach of http cookies dwindles.  How will companies — and more importantly, our entire industry — resolve the pressing questions about cross device tracking and measurement?  This tees up a range of critical issues, including the role of technology, competition, scalability, efficiency, integrity and personalization.  It also raises questions about the ability for brands and publishers to provide consumers the digital experience they want — a consistent, dynamic, engaging and relevant experience across all their devices. 

As advertising experts debate the best way to approach these issues at this week’s panels and events, NAI staff will be right there weighing in with recommendations about the responsible collection and use of data for digital advertising in this amazing cross-device world.  This core issue continues to be hot — and not just among wonks in Washington and Brussels.  Read the Economist or the WSJ during the past few weeks for a small sample of the questions being raised about responsible data collection.  As we innovate and create new business models and technologies to provide consumers with fantastic experiences and relevant advertising, we must also bake in privacy by design — taking into account central questions about notice, choice, transparency, user control, data security and acceptability. 

This is our role at NAI, as a non-profit membership organization and the leading self-regulatory association dedicated to responsible data collection and its use for digital advertising.  The NAI Code requirements are designed with generally accepted Fair Information Practice Principles (FIPPS) in mind.  We continue to explore how these core principles apply in different contexts in an evolving technology landscape, while remaining technology and business model neutral. 

Here at NAI, we will be releasing guidance on the world beyond cookies in the near future to help ensure that rapidly developing technologies for our multi-screen world are deployed in a way that promotes consumer trust and is embraced by brands that care deeply about their reputation and customer relationships.  Stay tuned.  And more importantly, join us in our work setting high standards for digital advertising — the long-term health of the online ecosystem depends on our collective ability to maintain responsible data collection.

Submitted by Marc Groman on September 26, 2014

Last week at the IAPP’s 2014 Privacy Academy in San Jose, CA, IAPP Vanguard Award recipient David Hoffman, who serves as Intel’s director of security policy and its global privacy officer, called on privacy professionals to make a pledge by Tweeting the hashtag #datainnovationpledge and to make a virtual promise to “promote the ethical and innovative use of data.”  (Read David’s blog here.)

As President and CEO of NAI and a member of the IAPP Board of Directors, I was among the first to make this pledge. 

We at NAI agree with Hoffman that “[p]rivacy protections give individuals the confidence to engage, to allow their data to be used, to participate in the digital economy.”  We also agree that, while compliance with privacy laws is important, the role of privacy professionals and robust self-regulation like NAI is to move beyond strict compliance and  "focus on achieving the promise of data innovation, while protecting individuals.”  

That is what NAI is all about.  NAI upholds and preserves consumer trust by setting a high bar for responsible data collection and use by its members.  Strict standards and a holistic view of the industry allow NAI and our members to provide the foundation for a thriving and diverse market of ad-supported free content and services.  All our privacy professionals are taking the pledge because our jobs are to help our members promote the “ethical and innovative use of data” for digital advertising.  That’s why more and more top brands, agencies and ad tech partners ask third party advertising companies about NAI membership prior to doing business with them. 

We congratulate David Hoffman on his award and support his call to all privacy professionals.  Let’s work together to promote the ethical and innovative use of data so that we can all benefit from the promise of the information age and digital economy.

Submitted by Marc Groman on September 23, 2014

I had the honor of speaking last week at the International Association of Privacy Professionals (IAPP) Privacy Academy and CSA Congress 2014. The formal title of my presentation was “The Future of Maintaining State: Business and Policy Considerations for Next-Generation Tracking in the Mobile Environment.”

A simpler title for my presentation could have been “What is the Post-Cookie World Going to Look Like?” 

Over the past 20 years, the http cookie has played a critical role on the Internet serving as the method for “maintaining state” - the method for systems and services (such as a web site) to remember information about users, devices or software applications over time.  It may not be obvious to users today, but web traffic is inherently transient.  State maintenance is therefore crucial for the personalization consumers have come to expect online for managing preferences, account logins, shopping carts and Interest-Based Advertising which helps support free content and services.

It has taken a while, but as Bob Dylan said, “The Times They are a Changin’” for publishers, advertisers and ad tech.

What’s changin?  The move, or more like the stampede, by consumers to mobile.  Over 1.75 billion consumers now have Smart Phones.  Many of these consumers use multiple devices to surf the Internet from tablets, laptops, to mobile phones and addressable TV.  Brands, advertisers, and online services want to provide consumers a consistent experience across these devices and consumers are starting to expect just that.  If a consumer begins to research a product on their smartphone but makes the purchase on their laptop, brands want to be able to connect those experiences and obtain a holistic view of the consumer experience.

In addition to the move to mobile, technological improvement and the growth of social media platforms also accounts for the move to a world beyond cookies.  Social media platforms like Facebook, Twitter, Instagram and Pinterest for example, enable more engagement and generate more consumer-provided data.  The players in this new world include mobile apps publishers, mobile ad networks and exchanges, demand side platforms, advertisers (Brands), companies providing cross-device identification solutions and, of course, the two primary mobile platforms, Google Android and Apple’s iOS.

I don’t want to suggest that the http cookie is dead.  That’s not the case.  The http cookie continues to work well for the collection of data across websites on a browser, unless of course cookies are blocked by default on the software. The real challenge for advertisers is that 86% of use on mobile devices is in Apps, not on web browsers.  Cookies are not used to collect data across apps and thus are less useful in this App-dominated ecosystem.  Moreover, how will advertisers maintain the connection to the consumer across Apps and mobile devices – linking activity in mobile web browsers and apps on the same device and cross-device?  It won’t be with http cookies ¬¬– at least not alone.

So what’s the future like?  In my address at IAPP last week, I discussed three possible categories of alternatives to http cookies:

• Statistical IDs – Already in the market, this is the use of statistical algorithms that use information passed by the device, browser or operating system to infer a user ID that can then be used by publishers or third parties.

• Client IDS – Also already in the market, Client IDs are deterministic identifiers that sit on the app or browser.  Some are set by the server such as HTML5 local storage and so-called “flash cookies.”  Other are created client side by the OS such as the platform IDs on Androids and iOS.

• Centralized Cloud-Synchronized IDs – Not in the market, these IDs are set and managed through a centralized cloud service that all parties in the ecosystem agree to work with instead of a third party intermediary such as an ISP.  One recently announced effort to move forward with this type of solution is DigiTrust.

The move to a post-cookie world is inevitable.  But as we enter a world without cookies – or at least the diminished use of cookies— we are facing several compliance and consumer privacy challenges.  Each potential alternative to the cookie comes with different costs and benefits, pros and cons, and will be perceived differently be different stakeholders in the ecosystem.  In each case, we need to bake in privacy by design and ensure that there is transparency, notice, control, choice and accountability.  If we don’t, consumers and then brands will not embrace these solutions.

We at NAI are thinking about a post-cookie world on a daily basis. The NAI recognizes that the digital advertising ecosystem is rapidly evolving and individual companies are developing new technologies and business models to address these changes in the ecosystem.  The NAI Code requires notice and choice with respect to Internet-Based Advertising (IBA) and imposes a host of substantive restrictions on NAI member companies' collection, use, and transfer of data used for IBA.  We are exploring how these core principles (which are based on the full set of Fair Information Practice Principles) apply in different contexts while remaining technology and business model neutral.  We are also examining technical, legal and policy issues so that we produce logical and practical policies that can be implemented and honored at scale by the full range of NAI member companies.

Stay tuned.  My presentation at IAPP last week was part of the ongoing dialogue.  In fact, Lydia Parnes, former director of the Bureau of Consumer Protection (BCP) at the Federal Trade Commission (FTC), and I will be speaking on a panel “Beyond Cookies and Cross Device Platforms” to kick-off Advertising Week in New York City as part of NAI’s complimentary in-house counsel invitation only networking event.  The panel and networking event will take place from 6:00 to 9:00 PM on Monday, September 29 at Bocca Restaurant & Bar.  Registration and more details can be found here

There’s more to come from NAI on how we as an industry can move forward in this post cookie world responsibly so that consumers, brands, publishers, and others continue to benefit from the diverse, competitive, free, ad supported Internet.

Submitted by Anthony Matyjas... on September 22, 2014


NAI Counsel & Assistant Director of Compliance Anthony Matyjaszewski responds to the Economist Special Report on Advertising and Technology.


When the Economist published a Special Report on Advertising and Technology in its September 13, 2014 issue, we were pleased to see the focus on technological advances, many of them from NAI members.

But we were disappointed to read several overarching implications made in the report and in the accompanying multimedia pieces.  Despite acknowledging that developments in Interest-Based Advertising - like increasingly accurate modeling of consumer behavior and programmatic buying of media - have made advertising less expensive and more efficient and even noting that "consumers may gain from advertising tailored to their particular needs,” the report appears to conclude that data collection and advertising are undesirable.

The Economist even seems to advocate for more regulation of the advertising technology industry while seemingly overlooking the achievements of self-regulation by organizations such as NAI.
We feel compelled to respond to the report because regulation of data collection and use by "third parties” in the advertising technology ecosystem is the very reason NAI exists.
To be clear, we at NAI fully agree that the process of collecting and sharing data is becoming simultaneously more common and more complicated, especially as consumers become dependent on devices like smartphones for everyday tasks.  And we know that this complexity will only increase as the "Internet of Things" takes shape with connected televisions, radios, thermostats, and other appliances.  We also fully support the report’s statement that this ever-evolving landscape “makes it all the more important to set up a system of rules for online data collection and advertising.”

In fact, these two premises support the majority of our work at NAI.  Every day, we work tirelessly to ensure that our members – several of whom are mentioned in the report and a vast majority of the “third parties” consumers may encounter online - follow the NAI Code of Conduct.  It is also the reason why we are expanding the scope of our efforts to include mobile devices. 

As the leading self-regulatory association in this space, NAI proudly sets forth some of the highest standards in the third-party advertising industry.  We address the most pressing issues related to Interest-Based Advertising such as consumer notice and choice, as well as transparency of data collection technologies, and the use of precise location data  or sensitive data that could include health conditions or sexual orientation.

Other important aspects of the NAI Code are the key restrictions around the re-identification of users or merger of Personally Identifiable Information (PII) with the Non-Personally Identifying data collected online.

As the ecosystem constantly evolves, NAI is evolving with it.  We are currently developing updated guidance to address novel issues, including the emergence of new technologies for Interest-Based Advertising. 

But self-regulation is not simply guidelines; it is also enforcement.  That’s why NAI also conducts a rigorous compliance program that includes automated monitoring of our members’ consumer choice mechanisms and privacy-related disclosures, as well as annual in-depth reviews of all member companies.  When we spot potential problems, we work with our members to resolve them as quickly as possible.  If necessary, sanctions procedures are in place to address material violations of the Code.

To summarize, we agree with the Economist special report’s conclusion that rapid changes to online advertising technology bring potential opportunities, for businesses and consumers alike, as well as potential pitfalls if responsible practices and consumer privacy are not respected and enforced.

The Economist would have done a better service to its readers if the report took a more comprehensive look at self-regulation in the U.S. instead of giving the issue one paragraph in a several thousand-word report.  NAI is in a far better position than government regulators to respond in a swift and insightful manner.  This is a journey, not a destination or one-time exercise.  We look forward to working with responsible companies and others to help ensure the health of the ecosystem, consumer trust, and a vibrant, diverse, and free internet.