Submitted by NAI on August 16, 2017

NAI 2016 Annual Compliance Report FAQs

1. What is the annual NAI compliance Report?

The NAI and its members invest enormous resources towards working to ensure that consumer choices are honored and data privacy is respected through a rigorous compliance and robust enforcement process.  The report provides to the public the results of the NAI’s compliance program each year. Through publication of this report, consumers, regulators and others gain visibility into the NAI’s compliance program and self-regulatory process.  NAI leverages the findings of the report to further strengthen its self-regulatory program.

2. What information is included in the NAI Compliance Report?

The report provides a summary of the NAI staffs’ findings from our compliance monitoring processes of our 108 member companies during the 2016 period (January 1, 2016, to December 31, 2016). This includes investigations and, when applicable, enforcements conducted during that time period.

3. The Compliance Report does not cite any members for noncompliance.  Is that because the NAI staff did not find any violations of the Codes?

No.  The report shows that NAI staff found that some member companies had various non-material violations of the Codes as a result of the organization’s robust monitoring program.  These violations included malfunctioning privacy links and privacy disclosures that may not have provided adequate information regarding data collection and use in mobile applications.  However, members actively worked with NAI staff during the course of the year to ensure that these issues were resolved quickly.  NAI did not find any material violations of the Code during the 2016 compliance review period. Material violations are willful and/or very serious violations of our Codes, such as failure to provide consumer choice for an extended period of time, deliberately misleading statements in disclosures, failure to implement NAI guidance document requirements, or refusal to cooperate with NAI staff.

4. If no sanctions are listed in the Report, why do you claim that NAI has a robust compliance program?

NAI's rigorous compliance approach encourages collaborative dialogue between NAI staff and its members that creates a comprehensive, disciplined partnership that enhances the overall health of the digital advertising ecosystem and benefits consumers. NAI is a membership organization, and therefore its impact, and the benefit to consumers, increase as more companies join and sign up for self-regulation. Issues are resolved promptly, before they turn into larger problems affecting greater numbers of consumers.  That is self-regulation at its best. 

5. What is new in the 2016 report?

NAI began regulating Cross-App Advertising (CAA) through enforcement of its Mobile Application Code (App Code) in 2016. The Compliance Report shows that NAI found that all member companies provided an Opt-Out mechanism for CAA.  However, some of these mechanisms needed improvements and/or more comprehensive opt-out instructions.  In turn, NAI worked closely with member companies to draft improvements where needed.  In cases where members did not initially provide all necessary disclosures in the App Code in a clear manner to consumers, NAI took additional steps to educate members regarding required and suggested disclosures pertaining to advertising identifiers on mobile devices, the choice mechanisms available on mobile platforms and location data, resulting in considerable improvement in mobile-specific disclosures throughout the year.

6. What is on the horizon for NAI in 2017?

NAI intends to leverage the findings of the Annual Compliance Report to further strengthen our self-regulatory program.  In 2017, the NAI began enforcing two new guidance documents, addressing the use of Non-Cookie Technologies in web browsers, and Cross-Device Linking for IBA and CAA purposes. The 2017 compliance reviews include these guidance documents, and companies will be held accountable for meeting these requirements. From a policy perspective, NAI is conducting advance work with its members and industry stakeholders to examine terminology, including the continuing relevance of the Non-Personal Identifiable Information (non-PII) and Personal Identifiable Information (PII) distinction.  As data collection and use for targeted advertising on connected TVs becomes more prevalent, NAI is also actively working to draft Guidance addressing this new ecosystem.  NAI is also continuing to develop, expand, and improve its suite of technical monitoring tools in both web and mobile application environments.

 See the full press release here.



Submitted by Leigh Freund on July 20, 2017

Today’s blog post is dedicated to an update on privacy regulations that the European Union is planning to implement in less than a year that will have a significant impact on our members and the entire adtech industry.  The EU “General Protection Data Requirements” (GDPR) takes effect on May 25, 2018. Hailed as the most significant change in data protection law in over 20 years, the GDPR will impose many new obligations on controllers and processors of "personal data," an expanded definition that encompasses many of the data types typically collected and used by digital advertising technology companies.

GDPR will require companies to provide consumers with clear, unambiguous consent choices, data portability, a right to access data, and consent revocation, among other obligations.  The cost of non-compliance is significant.  GDPR includes an increased extra-territorial applicability and a significant increase in the penalties for non-compliance.  Fines for non-compliance are up to four percent of annual global turnover or 20 million Euros, whichever is greater. An overview of the GDPR’s key changes can be found here.

Many of our members have asked what NAI can do to help companies prepare for the obligations they will face under the GDPR.  NAI's current Codes of Conduct and guidance documents are applicable to the United States.  However, NAI's technical expertise and knowledge of our industry and its various business models make us uniquely qualified to be of assistance as we attempt to craft solutions that protect consumers' privacy, but also allow for companies to continue to innovate and conduct business in Europe.

I have been travelling to Europe on a regular basis this year to meet with industry colleagues and EU regulators.  I am delighted to report that NAI has been invited by the IAB Europe to be an active participant in its GDPR Implementation Working Group (GIG).  The GIG, made up of IAB Europe members dedicated to meaningful privacy and business solutions for GDPR implementation, has been working hard to develop position papers and helpful guidance documents on numerous points of GDPR compliance. We meet frequently, both in person and in virtual meetings, to determine the best path for both privacy protection and business continuity.

IAB Europe's GIG has produced a GDPR Compliance Primer, designed to share with executives and business owners within member companies in order to expand companies' understanding of the complex obligations required of data controllers and processors of European consumer data. The full paper can be found here.

As the GIG continues its work, NAI will share its output with member companies. We also want your input on key aspects of compliance.

If you have any questions or wish to discuss any issue of GDPR compliance with NAI staff, please don't hesitate to contact us. If you are interested in participating more actively in the IAB Europe and its GIG, information on membership can be found on the IAB Europe's website

Submitted by NAI on June 5, 2017

NAI was featured today on in an article, The Network Advertising Initiative (NAI) Ensures Top Ad Companies Don’t Collect Your Sensitive Browsing Information Without Consent, that focuses on the role NAI plays in promoting responsible data collection and consumer privacy.

“The Network Advertising Initiative (NAI) recognizes the need for discretion as well as personalization in online advertising,” wrote Dating editor Hayley Matthews. “This groundbreaking organization seeks to promote consumer privacy and trust by creating and enforcing high standards for responsible data collection and use in online advertising and in mobile environments among its members.”

Anthony Matyjaszewski, VP of Compliance and Membership, discussed NAI’s approach to privacy and data collection and how the consumer’s trust is always a priority.  “There’s a presumption of anonymity when browsing the web, but that’s not always the case,” Anthony told “When a company collects data online, NAI ensures they’re doing things the right way.  If you have a private or sensitive issue, you may not want to get ads reflecting that.  To lessen the ad’s potential to cause embarrassment, advertisers in our network can require an opt in from users.”

Read the full article here.

For more information about NAI’s new Consumer Opt-Out tool, click here.

Submitted by Leigh Freund on June 2, 2017

By: Leigh Freund, President and CEO of NAI

The 2017 NAI Summit was a great success!  More than 120 NAI member company representatives joined us on May 14 at Chelsea Pier in New York for a day of great panel discussions and presentations.  It was a beautiful, warm spring day at an awesome venue.  I have a few favorite moments and some thoughts about the day that I’d like to share. But first I wanted to recognize our summit sponsors:  Criteo, Google, PlaceIQ, AppNexus, Yahoo!, AOL, Davis & Gilbert LLP, DataXu, Engine Media, Zwillgen and Keller and Heckman LLP.  We could not have had a successful event without the support of these sponsors.  Thank you!

NAI member companies are committed to meaningful and responsible consumer privacy for the digital advertising ecosystem. It’s a significant and important mission, and one I take very seriously. The NAI Summit always provides an opportunity to reflect on where this commitment has taken us and where we still need to go, and allows all of us to renew our commitment to providing real value to our members and to the digital advertising industry overall.

I want to thank our keynote speaker, FTC Commissioner Terrell McSweeny, who participated in a “fireside chat” with me.  It was an interesting discussion and I appreciate Commissioner McSweeny’s thoughts on what to expect with a new regulatory environment in DC.  I also appreciate her noting the importance of self-regulation: “Organizations like yours have a real role to play,” she said about NAI.  “You can keep pace with dynamic changes of technologies – it’s harder when reacting as an enforcement agency – we are looking at cases that happened one or two years later.  We are behind in marketplace (which is appropriate) while you are at the front of them.  We all want to give consumers meaningful choices so they trust the technology and buy it. If they don’t trust it they won’t buy it.”

Here are a few of my takeaways from the 2016 NAI Summit:

First, and most importantly, NAI and its member companies have shown that self-regulation works, but we must constantly keep evolving to keep up with emerging technologies.  New technologies continue to change the game, pushing NAI to stay ahead of the curve and help our members innovative with privacy in mind – and by design. Just last month, we released new choice tools in collaboration with the Digital Advertising Alliance – the DAA.  These tools were the first to offer a technology-based opt-out for both cookie-based and non-cookie technologies.  This week we released Cross-Device Linking Guidance for NAI Members. This is the type of ongoing collaboration and interaction with our members that makes us unique and ensures that our Code remains principled and inclusive of new technology.

The EU’s GDRP is coming and now is the time for all of us to prepare our companies and engage with European regulators. There was an important panel discussion led by NAI outside Counsel Sheila Millar about “Data Definitions across the World.”  Panelists, including Matthias Mattheisen, Senior Manager, Privacy & Public Policy, IAB Europe; Oliver Gray, Director-General, European Interactive Digital Adverting Alliance; Mike Hintze, Partner at Hintze Law; and, Estelle Werth, Vice President and Global Privacy Officer at Criteo, discussed the challenges that our industry is facing with the different definitions of personal identifiable information (PII) in Europe, the U.S. and other countries.  Mattheisen and Gray discussed the European Union’s General Data Protection Plan (GDPR) and its expanded definition of PII.  All companies must be in full compliance with the GDPR roughly one year from now (May 25, 2018), and panelists urged companies to remain engaged with European regulators on these issues.  I’ve already travelled to Europe several times this year and intend to continue to meet with European regulators and industry leaders to discuss our self-regulation efforts, specifically NAI’s robust compliance and enforcement efforts and our commitment to serious and responsible privacy practices.

The regulatory push from Washington may be slowing down, but the pace from federal and state state legislatures is speeding up.  I participated on a panel on the “Washington Regulatory and Legislative Environment” moderated by WilmerHale Partner Reed Freeman.  Other panelists included Gina Woodworth, Vice President at the Internet Association; DMA Senior Vice President Emmett O’Keefe; and, Noga Rosenthal, Chief Privacy Officer at Epsilon.  My takeaway was that the Trump administration is still working to fill many positions in the agencies, which makes it less likely that there will be much regulatory activity on our issues from DC in the near future.  While it at first appeared that Congress was unlikely to take action on privacy matters, as evidenced by the recent Congressional repeal of internet privacy regulations adopted by the Federal Communications Commission, we came back from the Summit to a House of Representatives bill that would impose FCC-type privacy requirements on edge companies (that’s you!) – more to come on that from me soon.  In addition, state legislatures (and even cities) are taking a much more active role.  Privacy bills have been introduced in several states, including Illinois, Vermont and Washington.  These bills often have unclear and/or broad definitions of the companies they impact, and have potentially troublesome effects on our industry.  NAI is actively working with other industry groups to explain our industry’s technology to policymakers and lawmakers, and ensure a balanced approach to regulation and legislation.

The News on Fake News: More Challenges Ahead.  I moderated a fascinating panel discussion on the “Implications of the Fake News Phenomenon on Digital Ad Companies.” I’m proud to say that I am fairly certain that this was the first all-female panel ever at an NAI summit.  I was joined by Ghita Harris-Newton, Chief Privacy Officer & Deputy General Counsel at Quantcast; Adroll General Counsel Stephanie King; Alice Lincoln, Vice President at MediaMath and Shelly Paioff, VP, Legal Affairs at Taboola. We defined “fake news” as information that is intentionally deceptive; however, panelists acknowledged that satire is a bit of a grey area.  While brands such as The Onion makes it obvious that the “news” it is sharing is satire, this sometimes gets lost when headlines are reposted on social media platforms. Panelists stated that, as ad tech companies, we all have an interest in making our advertisers happy.  One doesn’t need to make a moralistic or political judment about news sites.  The industry consensus is to build safe spaces for our advertisers and support our clients’ needs.  Unfortunately, the growing use of fake news will continue to create challenges for our industry, and it’s up to us to educate consumers about what is fake news and to develop industry best practices that could open the door for more transparency.

The ad tech industry needs to be smart about smart TVs.  NAI Board member Allan Chapell led a discussion about “Privacy Implications of Technology Innovations.” The discussion focuses on the growing popularity of Smart TVs and the new technologies that are being introduced that could fundamentally change TV viewing in the future but also create privacy concerns.  Panelists included Lucid Privacy Group Founder Colin O’Malley; SambaTV CEO Ashwin Navin; and, Mark Partin, Managing Counsel at Oracle.  Televisions have been the one screen that has been slow to join the cross-device advertising space.  The industry needs to be sensitive to the fact that consumers will need to be educated on the value exchange of a better television watching experience in return for sharing data.  This nascent industry is about to take off and there may be a role for self-regulatory organizations like NAI to help create the “rule of the road” for this exciting new technology.

Finally, my bonus takeaway is this: the NAI has a great staff that makes everything we do possible.  I want to thank Anthony Matyjaszewski, Julie Karasik, William Lee, Grant Nelson and Matt Nichols for their hard work in creating and organizing our most interesting and informative summit yet! 

We have a lot of work to do!  The Summit, as with every opportunity we have to interact with the incredible talent our member companies employ, left us energized and excited about the future.


We want your insights.  Share your Summit takeaways with us on Twitter using #NAISummit or post them on our Facebook page.  Or send me an email at  We want to hear from you!