Submitted by NAI on June 6, 2016

By Gary A. Kibel, Partner, Digital Media, Technology & Privacy, Davis & Gilbert LLP

In April, I followed the advice of a former resident of my hometown to “Go west, young man,” and attended the 2016 NAI Summit in San Francisco. Little did I know that a quiet summit would erupt with fireworks when the FTC seemed to challenge the very foundation of the NAI Code of Conduct.

There has long been a disconnect between the industry and regulators regarding what constitutes personally identifiable information (PII). Without one consistent statutory definition of PII or personal data, the parties are left to push their respective agendas. The NAI Code has a clear and workable definition. The FTC, however, views persistent identifiers such as device identifiers, MAC addresses, static IP addresses or cookies that can be reasonably linked to a particular person, computer or device as PII. With the exception of the Children’s Online Privacy Protection Act (COPPA), however, this is more an aspirational approach than a legal requirement.

The FTC’s mention of this broader yet noncommittal reading of the definition of PII reveals a bit of a regulatory vacuum in this evolving area. It is therefore important for all participants in the adtech ecosystem to be engaged and continue to establish and follow best practices that respect privacy and encourage innovation in this rapidly changing environment. The need for thorough and thoughtful self-regulatory organizations such as the NAI could never be more apparent.

Submitted by leigh.freund on April 28, 2016

I am pleased to report that our 2016 NAI Summit was a huge success!  It was great to see so many of our members at our first West Coast Summit in San Francisco, California.

The venue, the weather, the compelling programming – everything was terrific! I have a few favorite moments and some thoughts about the day that I’d like to share. But first, one of the highlights of the day for me was the exciting announcement that NAI membership has crossed the triple digit mark for the first time!  We were thrilled to welcome our 100th member, as well as a few additional members, just this month, and we have a vibrant new membership pipeline; all clear signs that NAI continues to grow and is a strong, vibrant and relevant organization. 

Achieving the milestone of 100 members is great, but it also reminds me why we’re here – we are committed to meaningful and responsible consumer privacy for the digital advertising ecosystem. It’s a huge task and mission, and one I take very seriously. The NAI Summit always provides an opportunity to reflect on where this commitment has taken us and where we still need to go, and allows us here at NAI to renew our commitment to providing real value to our members and to the digital advertising industry overall. 

With that said, here are a few of my takeaways from the 2016 NAI Summit:

  • First, and most importantly, we cannot rest on our laurels. The NAI Code and guidance are living documents – and we need to keep them that way!  It is imperative that our policies continue to evolve to keep pace with new industry technologies. Fortunately, we have top-shelf technologists on the NAI staff as well as an unprecedented level of diversity among our member companies and their business practices. Ongoing collaboration and interaction with our members, as well as continuing policy adjustments and clarifications, will help us keep ahead of the curve and ensure that our Code remains principled and inclusive of new technology.
  • We also must redouble our efforts to educate consumers, regulators, legislators, and others in our industry about what we're doing and why. New technologies offer both exciting opportunities and significant privacy challenges. Increased transparency around NAI’s robust compliance and enforcement efforts, with members as well as regulators, will help us remain an organization that gains consumer trust and reinforces our commitment to serious and responsible privacy practices.
  • State regulators care about privacy, too.  NAI collaborates regularly with our colleagues in government, but we often focus on federal policymakers and regulators. Increasingly, state officials are looking to develop regulations to protect consumer privacy. This was made clear at the NAI Summit in remarks by Justin Erlich, Special Assistant Attorney General to California Attorney General Kamala D. Harris. NAI will be increasing our interaction with state regulators to demonstrate the value of self-regulation for cutting-edge, real-time privacy protection.
  • Best-in-class privacy programs are difficult and challenging, but worth every effort. The entire digital advertising industry benefits when companies from across the ecosystem commit to responsible data collection, use and management practices. It is a constant challenge to craft policies with privacy principles that allow different companies and business models to participate.  But when we get it right, it’s a win for everyone.
  • We must include engineers and product experts in our ongoing privacy discussions. Businesses and consumers are best served by products and platforms that include privacy by design. When the full team is included in discussions, the full range of expertise is available, helping us make policies that really work. We are already hard at work on new ways to incorporate engineers and product experts in our working groups, technology discussions, and even next year’s Summit – stay tuned!

So, we have a lot of work to do!  But, as with every opportunity we have to interact with the incredible talent our member companies employ, we are left energized and excited about the future. We are incorporating everything we learned into our plans for 2016 and beyond.

We also want your insights.  Share your Summit takeaways with us on Twitter using #NAISummit or post them on our Facebook page.  And check your email for a link to an online attendee survey.  Please fill it out to help us shape future Summit events.

Visit this blog for more Summit summaries and other content coming soon. 

Submitted by Noga Rosenthal on April 11, 2016

The onset of spring brings two certainties: (1) the cherry blossoms blooming in Washington, DC, and (2) publication of the Network Advertising Initiative’s (NAI) Annual Compliance Report, which I am proud to announce that we published today. The Report is based on findings from the NAI staff’s comprehensive monitoring processes during the 2015 compliance period and covers members’ compliance with the 2015 Update to the NAI Code of Conduct (Code) for the 2015 calendar year.

I want to first thank my colleague NAI Counsel & Director of Compliance Anthony Matyjaszewski. Anthony worked tirelessly over the past several months to draft the Compliance Report and manage all aspects of its publication. Congratulations, Anthony!

The report focuses on NAI’s annual review of 84 member companies who, as part of their membership obligations, are required to undergo reviews of their compliance with the Code by NAI compliance staff. For me, as NAI’s General Counsel and Vice President of Compliance, the Report goes at the heart of what we do and shows why our organization is unique in the industry: NAI sets high standards for Internet-Based Advertising (IBA) and related business models, and we back up those standards with a comprehensive monitoring program that ensures members’ compliance and accountability.

NAI’s compliance program includes rigorous review of thousands of pages of questionnaire responses, privacy policies, website content, and other documents. NAI staff spent hundreds of hours reviewing member responses to detailed annual review questionnaires about compliance with Code. These reviews were coupled with interviews with each evaluated member, conducted by at least two staff members.

I am pleased to let readers of this blog know that that the report shows that members once again met their obligations under the provisions of the Code and demonstrated their commitment to consumer privacy and industry best practices. When NAI staff did find nonmaterial issues throughout the compliance period, our members worked with the staff to rectify any issues promptly, before they could turn into larger problems affecting greater numbers of consumers.

I commend our members for taking proactive steps to ensure that they remained in compliance with the updated Code, as 2015 was in many ways an extraordinary year for NAI. First, in May 2015, the NAI released the 2015 Code Update which made several important clarifications regarding the NAI’s interpretation of Code requirements. Also in May 2015, NAI published its Guidance for NAI Members: Use of Non-Cookie Technologies for Interest-Based Advertising Consistent with the NAI Code of Conduct. This document was the culmination of years of work by NAI members and staff in creating a framework for self-regulation of the use of emerging technologies for IBA. The NAI then released the 2015 Update to the Mobile Application Code in August to further clarify how the principles found in the Code apply in the growing mobile Cross-App Advertising ecosystem. This shows that our members continually demonstrate an ability and willingness to adapt and adjust self-regulatory frameworks to new and challenging issues as they emerge.

NAI’s Annual Compliance Report shows that effective self-regulation is the best method to continue responding to changing business practices, technological advances, and consumer expectations. Self-regulation is particularly effective in the ad tech space where innovation is exceptionally rapid. I am also pleased that, reflecting the commitment to strong self-regulation among advertising technology companies, 13 new companies joined the NAI in 2015.

Here are some highlights from the 2015 Annual Compliance Report:


  • In 2015, members estimated that they donated billions of impressions to the NAI’s education campaign. This campaign helped to educate consumers about IBA and available choice mechanisms, leading to over 5.3 million page views of the NAI consumer education pages in 2015- nearly 20% more visits than in 2014.
  • In 2015, the NAI website saw over 8.2 million unique visitors, up 45% from 5.6 million in 2014.


  • NAI members delivered the “Advertising Option” Icon, or a similar icon or link, to consumers, trillions of times a month.
  • In 2015 the NAI further developed its in-house tool, scanning through 300 webpages to monitor the privacy disclosures of existing members and applicants for changes.


  • There were more than 7.5 million visits to the NAI opt-out page in 2015- over two million more visits than reported in 2014.
  • NAI staff examined the behavior of over 23,293 data elements, including cookies, Javascript files, and URL query strings of its evaluated member companies.

Consumer Communications:

  • In 2015, NAI received and reviewed approximately 5,700 consumer queries through its website, approximately 400 via telephone, and several letters through physical mail.

I am extremely pleased with the incredible efforts of our members and staff in completing the 2015 compliance process. Thank you to the members and staff for their continued hard work and commitment to the NAI Code. We encourage members to download and read the 2015 Compliance Report, which can be found at the link below.

Download the 2015 Compliance Report.
Download the Press Release.

Noga Rosenthal, General Counsel, VP for Compliance and Policy

Submitted by NAI on April 1, 2016

Under the current NAI Code of Conduct and Mobile Application Code, our member companies are required to obtain Opt-In Consent for the use of Precise Location Data in Interest-Based Advertising and Cross-App Advertising, as well as in Retargeting. We provided more direction on this topic in 2015 with the release of the Guidance for NAI Members: Determining Whether Location is Imprecise, which helps our member companies evaluate the relative precision of location data while providing a number of best practices for rendering this data imprecise.

The NAI Board of Directors continues to evaluate whether it would be appropriate to provide additional guidance on the topic of how consumers can provide Opt-In Consent. This issue is somewhat challenging because of the continuous evolution of the consumer consent mechanisms included in most mobile platforms. Additionally, different mobile ecosystems allow for varying levels of granularity for both notice and choice.

Despite these ongoing considerations, NAI members must continue to comply with the Opt-In Consent requirements of the NAI Code of Conduct and Mobile Application Code. NAI members can comply through the Digital Advertising Alliance (DAA) Mobile Guidance, Section IV.B.2, which provides a number of methods for Third Parties - like NAI member companies - to obtain Opt-In Consent, or reasonable assurances that a First Party, such as a mobile application, has obtained such consent on their behalf.