Submitted by Marc Groman on October 22, 2014

It is my passion for technology, innovation and privacy that first led me to NAI and it has been my privilege to serve as CEO for the past three years, but I've decided to pass the torch.  I am writing this post to share the news that I have decided not to renew my contract with NAI in order to pursue new opportunities and challenges. I have committed to staying until Spring 2015 to ensure a smooth transition while the Board identifies my successor. 

It has been an honor to work with the NAI Board, 12 of the most talented and experienced executives in the ad industry with a vision for both NAI and the future of the third party ad ecosystem.  

I am very proud of the amazing staff that we have attracted to NAI.  Our group of privacy professionals, ad industry veterans, computer scientists and data scientists is simply the best in the business.  It is our people who make NAI the leading self-regulatory association dedicated to responsible data collection and its use for digital advertising.  And the strength and talent of our team gives me full confidence that the future is bright for NAI.

Looking back, NAI has enjoyed many achievements over the past three years.  First, the NAI Code of Conduct has become the “gold standard” for self-regulation of third party advertising technology companies and related businesses.  At the same time, NAI has grown from a small association of ad networks based in Maine to a diverse organization with offices in New York City and Washington, DC.  We now count among our members 100 companies from across the globe that represent every facet of the third party advertising chain, both online and in mobile.  And we’ve created an annual Summit that brings together member organizations, regulators and legislators to discuss key areas of data security and consumer privacy. 

Underpinning all of this work is the recognition that the future of our dynamic industry hinges on the ability of all stakeholders to communicate, collaborate, and tackle the constantly evolving challenges together.

My commitment to self-regulation, innovation, and consumer privacy is not diminished, but I have determined that it is time for me to move on to new challenges.  I believe deeply in the mission of NAI and the value of robust self-regulation.  Successful self-regulation must start with high standards and be backed up with serious, ongoing compliance and enforcement.  NAI has both and I look forward to watching the organization continue to grow and prosper.

As for myself, I will continue to work on these issues, fueled by my passion for technology; the diverse, ad-supported Internet; and my deeply held belief that privacy is, and should always be, a core value of our society.

Submitted by Shaq Katikala on October 17, 2014

A blog post by Shaq Katikala, NAI's Compliance and Technology Fellow

NAI reviews its member companies’ compliance with the NAI Code of Conduct on an ongoing basis. Last year, we used an in-house automated tool that looked for issues in the functionality of opt-out cookies. As members fixed these issues promptly after notification, the tool helped consumers have a more consistent experience when exercising choice on the NAI’s opt-out page. 

Now, the online advertising ecosystem is transitioning away from cookies and moving to mobile devices, location data, and non-cookie technologies. With an eye to the future, NAI recently finished a major upgrade of our automated tool to spot compliance issues with new technologies and new devices. 

The new compliance software provides a more comprehensive view of the online activities of our members by looking at opt-outs, relevant data collection practices, and privacy policies. This tool is designed to detect opt-out errors on desktop browsers, mobile browsers, mobile apps, and other platforms. Using proprietary technology, it will be capable of producing insights on nearly all major forms of online data collection. That includes not just cookies, but location data, personal directory data, client-side storage, and active statistical identifiers. It also includes an integrated privacy policy scanner, which helps spot changes to members' business models and practices that may raise potential compliance questions. 

Ultimately, the updated tool should provide NAI with a unique view of the online advertising ecosystem and the ability to be technology-neutral in enforcing its Code of Conduct. Equipped with enhanced enforcement tools, NAI remains the gold standard of privacy for third party advertisers. The software is currently in its alpha stage and will be deployed shortly.

Submitted by NAI on October 10, 2014

On our blog, we'll be getting to know members of the NAI team by posting special Q&A interviews.  First up, Noga Rosenthal.  Noga is NAI's General Counsel and VP for Compliance & Policy.  

Noga, at NAI, you serve as general counsel and vice president of compliance and policy.   What are your chief responsibilities in that role?  What does an average day look like for you?


The main role that I play is helping our members ensure that they are complying with the NAI Code of Conduct.  I spend a lot of time working with members doing compliance reviews, inspecting members’ privacy policies for compliance with the Code and checking their opt-out mechanisms.

The most interesting part of my job is answering challenging and thought provoking questions from NAI members regarding compliance with the Code.  It’s my job to help members find answers to those questions and how to apply the Code to their business.  These calls from members are always a challenge- which keeps my job always interesting.  They also make me realize how dedicated our are to comply with the Code. 

The best thing about working in ad-tech – and about working at NAI in particular - is that no two days are the same.  The technology is constantly changing and business practices are always evolving to keep up.  That means NAI is evolving, too.   

You joined NAI in 2013, but participated for years before that as an NAI member company representative.  How do you think your background impacts your work and perspective at NAI?

I began my career as a corporate attorney and then joined an ad-tech company where I was responsible for ensuring that users' privacy was considered when designing new products and services.  A key guide to this function was my being a representative of my company in the NAI and its Board.  As a result, I had unique and historical insight into the formation of the NAI policies and the reasoning behind those policies.  For example, I sat in on the drafting of the NAI Codes published in 2008 and 2013.  People might not know this, but NAI members are very much a part of the Code writing process.  The diversity of NAI's membership base means that competing interests are voiced and considered, which is especially valuable when putting together the NAI Code.

But, perhaps more importantly, my background helps me understand technology from the company side.  I understand the different roles companies play in the digital ecosystem which also helps me relate to our members when they have compliance questions.  I’ve been in our members’ positions and I pull from that experience when speaking to members.

You’ve just passed your one-year work anniversary with NAI - Congratulations!  Please share a few highlights of your time with NAI in the past year.

My job is interesting because I have a front row view to watching NAI members, leaders in ad-tech, leading and trying the latest and greatest services and products.  Sometimes I think that just keeping up with the acronyms could be a full time job!  Even with this push to move ahead with new products as quickly as possible, and the competitive pressures to move ahead fast, NAI members have an obvious desire to learn more about best practices and how to apply the Code to new products and services which I find impressive and inspiring.

Over the past six months, our team has once again been working hard with our members to help them ensure that they are in compliance with the NAI Code.  At this point, the NAI is ahead of where it was last year with annual reviews, with over half its members reviewed. The compliance review process should be done by the end of this month.  It has been a true pleasure working with members, talking to their employees, and understanding their business models even better.

You’ve said that now is an especially important time for NAI.  Can you outline some of the items and issues you see on the horizon?

Looking ahead, there is a lot of uncertainty in the ad-tech world.  This uncertainty stems from several places.  First, as I’ve mentioned, the technology is constantly changing and improving.  And, secondly, there is always concern about regulation and how it might impact our industry.

Of course, to see what's on the horizon, we don't have to look any further that our daily lives.   More and more of the activities in our lives now take place online.  And, with increasing regularity, we're accessing the internet from our mobile phones and tablets.  We're sharing personal information and leaving data records.  At NAI, we believe that consumer privacy needs to continue to be an important part of the conversation now and in the future.  NAI members are looking to us for guidance.  With our Code, we give our members the tools to do it right and I’m really proud of that.

These Q&A posts are designed to help readers get to know the NAI team members.  What is something you’d like readers to know about you?

I want people to know that, at NAI, we’re here to help.  We work with members to help them understand the Code by answering questions and providing educational seminars about the Code. We help members comply with the Code by ensuring that their opt outs are functioning properly. It’s clear to me that compliance isn’t simply enforcement for us.  NAI is up-front and transparent and the compliance team members are always available to answer questions.  After all, the Code works best when it is the result of dialogue between NAI and our members. 

Submitted by NAI on October 8, 2014

In a recent post “Transparency Should Be the New Privacy,” on the IAPP Blog “Privacy Perspectives,” Richard Beaumont writes:  “The privacy policy is the document on any website least likely to inform the visitor in any meaningful way…The reality is that the privacy policy is designed to protect the owners in the case of a dispute—which is what most legal documents are designed to do.

Beaumont calls for a new solution in order to simplify privacy policy statements so that they are understandable to the consumer: a “transparency policy” or “transparency statement” – a concise clear statement that is easy to understand.  He writes, “It will be the basis on which the website will set your expectations for how you and your data will be treated….Transparency statements could be the vehicle to enable the majority of people to make better-informed choices than they currently do and use a truly market-driven approach to online privacy practice.”

In a comment posted on Beaumont’s blog post, NAI President Marc Groman wrote about the practical challenges of implementing such a solution:

“When it comes to the need for more transparency, you won’t get an argument from me. Amen! But as a person who has both drafted privacy policies and enforced privacy policies on behalf of the FTC, I am having a difficult time understanding how this would be implemented in practice. I don't have an issue with the concept or philosophy behind your thoughtful proposal for a plain and simple transparency statement, but I don't follow how it would play out and balance the multiple objectives set out in your post.”

Marc also pointed out that, while privacy policies are often not drafted with the goal of informing the general public, they do serve a valuable purpose:

“First, they often force a company to review its business model and data practices as part of the very exercise of drafting the privacy policy. Second, we [NAI] require our members to include specific information in their policies such as retention schedules for data and links to an opt-out mechanism. Third, privacy policies are reviewed by regulators, academics and self-regulatory compliance programs like NAI. This allows those stakeholders to compare practices and representations made by different entities.”

While consumers may not read privacy policies, NAI does!  As Marc stated in his comment:  

At NAI … not only do we read every word of hundreds of privacy policies every year, we have developed in house a privacy policy scanner that reviews every NAI members' privacy policy every business day for changes. The scanner identifies every revision to every privacy policy and then our team of attorneys look at those changes to help identify potential compliance issues… it is incredibly useful for both our compliance program and our members.

What do you think about transparency policies?  We invite you to engage with us on the subject as more transparency is good for everyone.