Blog

Submitted by Jurgen Van Staden on November 26, 2014

Three years ago, the Network Advertising Initiative (NAI) joined with a wide range of constituencies at the World Wide Web Consortium (W3C) Tracking Protection Working Group in an attempt to turn the phrase “do not track” into a meaningful global privacy standard that addresses both technical and policy challenges. NAI brought a unique perspective to the discussions because of our understanding of both privacy issues and online advertising our appreciation for the unique role of responsible third parties in delivering relevant digital advertisements. This perspective is reflected in our own tough standards that set a high bar for responsible data collection and use by our members.

Unfortunately, after investing significant resources into the Working Group’s “do not track” efforts over the past three years, we have concluded that NAI has no choice but to withdraw from the Group. The process, which has been so riddled with substantive and procedural flaws, will simply not produce a meaningful privacy standard. The remaining participants may well force through a standard, but that standard will be driven by a handful of stakeholders who represent only sliver of the ecosystem and who have competitive interests in the outcome. At this point, the prospects of wide scale adoption are remote at best and any “do not track” standard likely will be outdated before the first company can even sign on.

The concept of a new privacy choice mechanism is a laudable objective and many well intentioned individuals assembled at W3C, but the fact is that “do not track” is now so off track it is time to bring the process to close.

NAI is not alone in concluding that the W3C process is fatally flawed. The Working Group has gone from nearly 70 enthusiastic companies, trade associations, advocacy groups, and experts three years ago to barely a dozen individuals from a handful of organizations today. The reason is that, like NAI, many of these groups question the likelihood of a positive outcome and have been concerned about the integrity of the process. NAI joins these groups in concluding that the W3C effort cannot produce a responsible or practical standard.

While the W3C Tracking Protection Working Group’s process should end, this ending should mark the beginning of new efforts to help ensure the success of the global Internet and the protection of consumers’ privacy interests. Privacy in the digital age – and the era of big data -- is a legitimate concern. Innovation, personalization, and even customized advertising do not need to be at odds with privacy and responsible data governance. Moreover, privacy and profits are not zero sum game.

Responsible data collection and use are fundamental to the success of the commercial Internet, as are the principles of notice, choice, transparency, data minimization, use limitations, security, and accountability. Consumers should be able to express their preferences about the collection and use of their information — online and offline — and responsible actors of all shapes, sizes and labels should honor those preferences. These are the bedrock principles of the NAI Code of Conduct.

NAI believes in such high standards because consumer trust is fundamental to the success of the Web and the free, ad supported products and services consumers have come to expect. Consumer trust will be equally fundamental to the success of the “Internet of Things” as technology brings so many opportunities – and challenges – that could not have been imagined only a few years ago.

It is time to move on from the W3C “do not track” process. We look forward to working with other stakeholders on efforts to help ensure the health of our global online ecosystem. NAI is eager to invest our resources in new initiatives that address our core values of providing consumers with notice, choice, transparency, control, and accountability.

Submitted by Ryan Cliche on November 24, 2014

It’s been quite a month for NAI. We’ve been able to demonstrate to the industry and privacy community why we are the leading self-regulatory association dedicated to responsible data collection and its use for digital advertising. Last week on our blog, we showcased another example of the depth of the NAI Board’s practical and in-depth knowledge of both privacy issues and the ad industry, with four NAI leaders participating as faculty in a one-day PLI program titled, “Tracking and Targeting Customers and Prospects.” The previous week, the blog highlighted NAI’s participation in the International Association of Privacy Professionals’ Digital Advertising & Privacy conference (IAPP).

This week, it was time for the NAI staff to shine and showcase their knowledge to NAI members. More than 70 members joined NAI Board Chairman Doug Miller (who is also Vice President and Global Privacy Leader at AOL), NAI President Marc Groman, and the NAI staff for an all-NAI member call. The purpose of the call was to update NAI members on the ground-breaking activities currently being undertaken by the staff.

The agenda was jam packed with important updates provided by NAI staff.  Highlights included:

  • NAI Counsel and Assistant Director for Policy Jurgen Van Staden provided an update on NAI’s Beyond Cookies Working Group. This group has been meeting to create a draft policy document that would provide guidance for NAI members on the use of non-cookie technologies for interest-based advertising (IBA) and making them compliant with the NAI Code, especially the principles of transparency, control, and accountability. Working Group members volunteered many hours over the past year to work through challenging issues with the goal of defining a framework that would allow members to use stat ID/non-cookie technologies for IBA.

    Jurgen announced that the draft policy document containing this framework is available for review by members. He said that the draft is a thorough, practical, balanced, implementable, and enforceable framework that would allow NAI to green light the use of stat IDs in a responsible, Code-compliant manner. Central to the proposed beyond cookies framework is the development of a new opt-out page that can facilitate the policy requirements contained in the draft guidance document.

    Jurgen told the members that there is still much work to be done on the framework, including addressing legal issues. He is planning a series of webinars and in-person meetings with NAI members to provide additional information and to obtain input from the membership. 

  • NAI General Counsel Noga Rosenthal then briefed the membership on the 2014 compliance program. She thanked the membership for their cooperation in submitting the necessary information for the NAI Compliance Team to review each member company. Participation in the NAI Compliance Review is mandatory for all NAI members. The NAI compliance process relies on a variety of reviews and assessments by NAI staff, including the use of an automated technical tool that monitors the functioning of member opt-out mechanisms, as well as an evaluation of members’ public-facing materials like privacy policies. NAI staff spent hundreds of hours reviewing member responses to detailed annual review questionnaires about compliance with the NAI Code of Conduct. These reviews are coupled with interviews with each evaluated member, conducted by at least two NAI staff members.

    Noga told the membership that the staff is drafting the 2014 Compliance Report and reminded members that enforcement of the Mobile Code will start next year.

  • Next, NAI’s Counsel and Assistant Director of Technology and Data Science Shaq Katikala provided members with an overview of NAI’s new compliance technical monitoring tool. The compliance tool provides a more comprehensive view of the online activities of our members by looking at opt-outs, relevant data collection practices, and privacy policies. This tool is designed to detect opt-out errors on desktop browsers, mobile browsers, mobile apps, and other platforms. Using proprietary technology, it will be capable of producing insights on nearly all major forms of online data collection. That includes not just cookies, but location data, personal directory data, client-side storage, and active statistical identifiers. It also includes an integrated privacy policy scanner, which helps spot changes to members' business models and practices that may raise potential compliance questions.

    Shaq said that this new technology allows NAI to have a 360-degree view of members’ business practices. The technology was built in-house. NAI President Marc Groman described the new software as a “game changer” for the self-regulatory industry in the use of technology to monitor compliance.

  • NAI Vice President for Member Services & Business Development Bruce Morris then provided the membership with an overview of the upcoming NAI Board of Directors elections. He announced that the Board will be expanded to 15 from its current 12 members. Members who are interested in joining the Board should contact Bruce at Bruce@networkadvertising.org.
     
  • NAI Chief Operating Officer Ryan Cliche announced the date for the 2015 Member Summit: May 21, 2015, in New York City. This will be the third annual Summit, an event that attracts leaders in the industry who care about innovation, state-of-the-art digital advertising, high standards, and best practices for the third-party online ecosystem. If you are interested in participating in the Summit Planning Working Group or would like to propose a session to present, please email Ryan at ryan@networkadvertising.org. Those who are interested in sponsorship opportunities should contact Bruce Morris at Bruce@networkadvertising.org.
     
  • Ryan also announced that work is almost completed on NAI’s new consumer education website that expands our focus beyond web browsers and cookies. New content and graphics will be ready in the next couple of months.

As you can see, NAI has a lot on our plate for the next several months. We are very excited about the future and are proud of the innovative and proactive approach that the organization is taking. We are showing the world that effective self-regulation works!

Submitted by Ryan Cliche on November 13, 2014

Organizations ranging from PLI to the International Association of Privacy Professionals (IAPP) frequently call on NAI Board members to serve as faculty and lecturers when these groups organize sessions on digital advertising and privacy. That’s because our Board includes leaders in the industry, both on the privacy front and in terms of practical and in depth knowledge of the ad industry.

Last week, we wrote about NAI’s participation in the International Association of Privacy Professional’s Digital Advertising & Privacy conference (IAPP) in NYC. The sold out event featured several NAI members as speakers and panelists. NAI was specifically highlighted by Maneesha Mithal, the Associate Director of the Federal Trade Commission’s (FTC) Division of Privacy and Identity Protection , who stated that NAI’s program is the type of self-regulatory program “we are talking about...self-regulation with teeth."

NAI again demonstrated this week why it is the leading self-regulatory association dedicated to responsible data collection and its use for digital advertising. Four NAI leaders participated as faculty in a one-day PLI program “Tracking and Targeting Customers and Prospects.”

NAI Board member Shane Wiley, who is Vice President of Privacy & Data Governance, Yahoo!, opened with a technical deep dive. He covered how cookies, local storage, device IDs, and other common Internet technologies work as well as the nuts and bolts of server calls and cookie syncing.

NAI Vice-Chair Alan Chapell, who is President of Chapell and Associates, followed with a discussion of AdTech business models, from IBA to contextual to cross device targeting and attribution. He further discussed different business models from networks to DMPs to SSPs, DSPs, and exchanges. Alan explored the basics of addressability and reviewed the history and development of privacy rules for digital advertising including the genesis of NAI back in 2000.

Alan looked ahead at what privacy lawyers should be thinking about as they advise clients regarding new business models. He suggested that lawyers need to consider the different sources of data such as online, offline, mobile, iTV, IoTs, and wearables. He noted that different sources, at least today, raise different issues. As one example, how will self-regulation or legislation address data collection by devices that have no interface with consumers? Lawyers should think about how data is collected (active v. passive) as well as the type of entity that is obtaining the data. That may include ecommerce platforms, ISPs, ad servers, exchanges or credit bureaus. Alan concluded his session by examining privacy controls such as DNT, platform level controls, browser level controls, and NAI’s industry-wide opt-out page for interest-based advertising (IBA).

NAI’s newest Board member, Ted Lazarus, Director, of Google’s Legal Department, led an engaging discussion about the role of privacy counsel in today's rapidly evolving digital ad ecosystem. He highlighted the need for companies to have policies and procedures in place to help ensure that privacy issues are addressed early in the development of new technologies and business models. Ted noted that there often will not be direct precedent or clear industry standards when developing policies for new business models, and suggested that lawyers look to existing self-regulatory codes such as the NAI Self-Regulatory Code of Conduct as potential guidance.

NAI President & CEO Marc Groman explained that the NAI’s role is to help promote consumer privacy and trust in this market by creating and enforcing high standards for responsible data collection and use practices online and in mobile environments among its members. Marc further explained that the NAI accomplishes this through a body of self-regulatory policies – the NAI Code – and through a robust compliance and enforcement program that helps members meet these high standards, and holds them accountable.

It was a great day that once again showed why the NAI Board is so unique. Our Board members are not only experts in privacy, but they are industry leaders in business and advertising. They understand privacy issues and online advertising, and thus can craft thoughtful, practical, scalable standards that benefit everyone. In sum, our Board members are privacy executive all-stars from the advertising industry - a unique talent pool in its composition and depth, with a cross-section of experience.

Submitted by Noga Rosenthal on November 7, 2014

I attended the International Association of Privacy Professional’s Digital Advertising & Privacy conference in NYC.  The sold out event hit some of the hottest and most critical issues in privacy today and also showcased why NAI is the leading self-regulatory association dedicated to responsible data collection and its use for digital advertising. 

Not only did the conference speakers and panelists include several NAI members and staff, but NAI was specifically highlighted by a federal regulator who hailed the “great work” undertaken by our organization.

In the keynote address by Maneesha Mithal, the Associate Director of the Federal Trade Commission’s (FTC) Division of Privacy and Identity Protection, she praised self-regulation, and specifically called out NAI.  Mithal stated that, at the FTC, NAI’s program is the type of self-regulatory program “we are talking about...self-regulation with teeth."   That high praise from a federal regulator makes us proud!

Later in the day, Lael Bellany, Chief Privacy Counsel of the Weather Channel, noted that when she partners with third parties she always does her due diligence by first asking for NAI membership. She demands an explanation from any network or third party who is not an NAI member.  She praised both the NAI’s standards and our hallmark compliance program.

Our own Marc Groman (NAI’s President and CEO) had earlier opened the conference with a presentation - Ad Tech 101 for Privacy Counsel.  This introductory session about the digital advertising industry helped set the stage for the panels to follow, covering everything from cookies, cookie syncing and new tracking technologies to an overview of the diverse players in the digital advertising ecosystem.  Marc explained the value that responsible third parties bring to the table, helping brands reach the right consumers at the right time with the right ads while also helping publishers maximize revenue for their ad inventory. 

The first panel of the day covered onboarding offline data and featured Becky Burr, Deputy General Counsel & CPO of NAI member company, Neustar.  The key takeaway from this panel was how NAI members apply the NAI Code of Conduct to onboarding offline data and best practices for maintaining the separation between Personal Identifiable Information and Non-Personally Identifiable Information.

That panel was followed by our own Shaq Katikala, NAI's Compliance and Technology Fellow, who conducted the first-ever public demonstration of NAI’s state-of-the art privacy policy scanner.  (Read Shaq’s earlier blog post for more information.)  As our members know, NAI staff reviews member’s privacy policies on an annual basis to help members ensure that they are in compliance with the NAI Code of Conduct.

The NAI is now utilizing this tool that scans member’s privacy policy on a continuous basis in an effort to move towards real time compliance and ongoing checks.  The scanner helps pick up any changes to a member’s privacy policy, helps flag any business model changes as indicated in a privacy policy, and helps staff stay connected with members.  As always, it is the NAI’s goal to find potential issues before they could become a problem for both consumers and our member companies. 

The use of precise location information for mobile advertising was also addressed on a panel in the afternoon that included The Weather Channel’s Lael Bellamy and the FTC’s Melinda Claybaugh, who confirmed that the FTC views this information as sensitive and requires higher obligations than other types of data.  The panel discussed the challenges of obtaining consent for the use of location information by third parties as well as the lack of specificity about what is meant by “precise” location v. location generally.

The day wrapped up with a lively panel about cross-device.  NAI Board Members Alexis Goltra, Chief Privacy Officer and Asst. General Counsel for Privacy & Security at Oracle, and David Wainberg, Privacy & Policy Counsel at AppNexus, led this discussion.  One take away was the need for self-regulation to step into this space and help industry define best practices, particularly concerning what type of choice should be offered to consumers around data collection and use in cross-device advertising. 

In sum, the panels generated animated discussions around the broad range of issues and challenges facing all NAI members.  The panelists represented all facets of the ad tech industry, bringing their experience and knowledge to an engaged and curious audience.  We are proud of the number of NAI members and staff who participated on these panels, showing the central role of the NAI in the ad tech industry.