Submitted by Shaq Katikala on October 17, 2014

A blog post by Shaq Katikala, NAI's Compliance and Technology Fellow

NAI reviews its member companies’ compliance with the NAI Code of Conduct on an ongoing basis. Last year, we used an in-house automated tool that looked for issues in the functionality of opt-out cookies. As members fixed these issues promptly after notification, the tool helped consumers have a more consistent experience when exercising choice on the NAI’s opt-out page. 

Now, the online advertising ecosystem is transitioning away from cookies and moving to mobile devices, location data, and non-cookie technologies. With an eye to the future, NAI recently finished a major upgrade of our automated tool to spot compliance issues with new technologies and new devices. 

The new compliance software provides a more comprehensive view of the online activities of our members by looking at opt-outs, relevant data collection practices, and privacy policies. This tool is designed to detect opt-out errors on desktop browsers, mobile browsers, mobile apps, and other platforms. Using proprietary technology, it will be capable of producing insights on nearly all major forms of online data collection. That includes not just cookies, but location data, personal directory data, client-side storage, and active statistical identifiers. It also includes an integrated privacy policy scanner, which helps spot changes to members' business models and practices that may raise potential compliance questions. 

Ultimately, the updated tool should provide NAI with a unique view of the online advertising ecosystem and the ability to be technology-neutral in enforcing its Code of Conduct. Equipped with enhanced enforcement tools, NAI remains the gold standard of privacy for third-party advertisers. The software is currently in its alpha stage and will be deployed shortly.

Submitted by NAI on October 10, 2014

On our blog, we'll be getting to know members of the NAI team by posting special Q&A interviews.  First up, Noga Rosenthal.  Noga is NAI's General Counsel and VP for Compliance & Policy.  

Noga, at NAI, you serve as general counsel and vice president of compliance and policy.   What are your chief responsibilities in that role?  What does an average day look like for you?

The main role that I play is helping our members ensure that they are complying with the NAI Code of Conduct.  I spend a lot of time working with members doing compliance reviews, inspecting members’ privacy policies for compliance with the Code and checking their opt-out mechanisms.

The most interesting part of my job is answering challenging and thought-provoking questions from NAI members regarding compliance with the Code.  It’s my job to help members find answers to those questions and how to apply the Code to their business.  These calls from members are always a challenge, which keeps my job always interesting.  They also make me realize how dedicated our members are to complying with the Code.

The best thing about working in ad-tech – and about working at NAI in particular - is that no two days are the same.  The technology is constantly changing and business practices are always evolving to keep up.  That means NAI is evolving, too.   

You joined NAI in 2013, but participated for years before that as an NAI member company representative.  How do you think your background impacts your work and perspective at NAI?

I began my career as a corporate attorney and then joined an ad-tech company where I was responsible for ensuring that users' privacy was considered when designing new products and services.  A key guide to this function was my being a representative of my company in the NAI and its Board.  As a result, I had unique and historical insight into the formation of the NAI policies and the reasoning behind those policies.  For example, I sat in on the drafting of the NAI Codes published in 2008 and 2013.  People might not know this, but NAI members are very much a part of the Code writing process.  The diversity of NAI's membership base means that competing interests are voiced and considered, which is especially valuable when putting together the NAI Code.

But, perhaps more importantly, my background helps me understand technology from the company side.  I understand the different roles companies play in the digital ecosystem which also helps me relate to our members when they have compliance questions.  I’ve been in our members’ positions and I pull from that experience when speaking to members.

You’ve just passed your one-year work anniversary with NAI - Congratulations!  Please share a few highlights of your time with NAI in the past year.

My job is interesting because I have a front row view to watching NAI members, leaders in ad-tech, leading and trying the latest and greatest services and products.  Sometimes I think that just keeping up with the acronyms could be a full time job!  Even with this push to move ahead with new products as quickly as possible, and the competitive pressures to move ahead fast, NAI members have an obvious desire to learn more about best practices and how to apply the Code to new products and services which I find impressive and inspiring.

Over the past six months, our team has once again been working hard with our members to help them ensure that they are in compliance with the NAI Code.  At this point, the NAI is ahead of where it was last year with annual reviews, with over half its members reviewed. The compliance review process should be done by the end of this month.  It has been a true pleasure working with members, talking to their employees, and understanding their business models even better.

You’ve said that now is an especially important time for NAI.  Can you outline some of the items and issues you see on the horizon?

Looking ahead, there is a lot of uncertainty in the ad-tech world.  This uncertainty stems from several places.  First, as I’ve mentioned, the technology is constantly changing and improving.  And, secondly, there is always concern about regulation and how it might impact our industry.

Of course, to see what's on the horizon, we don't have to look any further than our daily lives.  More and more of the activities in our lives now take place online.  And, with increasing regularity, we're accessing the internet from our mobile phones and tablets.  We're sharing personal information and leaving data records.  At NAI, we believe that consumer privacy needs to continue to be an important part of the conversation now and in the future.  NAI members are looking to us for guidance.  With our Code, we give our members the tools to do it right and I’m really proud of that.

These Q&A posts are designed to help readers get to know the NAI team members.  What is something you’d like readers to know about you?

I want people to know that, at NAI, we’re here to help.  We work with members to help them understand the Code by answering questions and providing educational seminars about the Code. We help members comply with the Code by ensuring that their opt outs are functioning properly. It’s clear to me that compliance isn’t simply enforcement for us.  NAI is up-front and transparent and the compliance team members are always available to answer questions.  After all, the Code works best when it is the result of dialogue between NAI and our members. 

Submitted by NAI on October 8, 2014

In a recent post, “Transparency Should Be the New Privacy,” on the IAPP blog “Privacy Perspectives,” Richard Beaumont writes: “The privacy policy is the document on any website least likely to inform the visitor in any meaningful way…The reality is that the privacy policy is designed to protect the owners in the case of a dispute—which is what most legal documents are designed to do.”

Beaumont calls for a new solution in order to simplify privacy policy statements so that they are understandable to the consumer: a “transparency policy” or “transparency statement” – a concise clear statement that is easy to understand.  He writes, “It will be the basis on which the website will set your expectations for how you and your data will be treated….Transparency statements could be the vehicle to enable the majority of people to make better-informed choices than they currently do and use a truly market-driven approach to online privacy practice.”

In a comment posted on Beaumont’s blog post, NAI President Marc Groman wrote about the practical challenges of implementing such a solution:

“When it comes to the need for more transparency, you won’t get an argument from me. Amen! But as a person who has both drafted privacy policies and enforced privacy policies on behalf of the FTC, I am having a difficult time understanding how this would be implemented in practice. I don't have an issue with the concept or philosophy behind your thoughtful proposal for a plain and simple transparency statement, but I don't follow how it would play out and balance the multiple objectives set out in your post.”

Marc also pointed out that, while privacy policies are often not drafted with the goal of informing the general public, they do serve a valuable purpose:

“First, they often force a company to review its business model and data practices as part of the very exercise of drafting the privacy policy. Second, we [NAI] require our members to include specific information in their policies such as retention schedules for data and links to an opt-out mechanism. Third, privacy policies are reviewed by regulators, academics and self-regulatory compliance programs like NAI. This allows those stakeholders to compare practices and representations made by different entities.”

While consumers may not read privacy policies, NAI does!  As Marc stated in his comment:  

“At NAI … not only do we read every word of hundreds of privacy policies every year, we have developed in-house a privacy policy scanner that reviews every NAI member's privacy policy every business day for changes. The scanner identifies every revision to every privacy policy and then our team of attorneys look at those changes to help identify potential compliance issues… it is incredibly useful for both our compliance program and our members.”

What do you think about transparency policies?  We invite you to engage with us on the subject as more transparency is good for everyone.  

Submitted by Marc Groman on September 29, 2014

When NAI is there, most definitely.  We understand the privacy challenges faced by our members and the brands they partner with.  In fact, here at NAI, we are working on them every day.

Companies big and small are looking to target across channels, formats, screens and platforms in an effort to reach consumers at every point in the purchase funnel.  Yet significant challenges remain for all companies to truly leverage data for effective and efficient marketing uses.  That includes first-party, third-party and even second-party data, not to mention a brand’s own CRM data.  The goal is to reach the right customers at the right time with the most relevant ad — perhaps even in the right location.

A lot of the debate at AdWeek will center on next-generation tracking and state maintenance as the utility and reach of HTTP cookies dwindles.  How will companies — and more importantly, our entire industry — resolve the pressing questions about cross-device tracking and measurement?  This tees up a range of critical issues, including the role of technology, competition, scalability, efficiency, integrity and personalization.  It also raises questions about the ability of brands and publishers to provide consumers the digital experience they want — a consistent, dynamic, engaging and relevant experience across all their devices.

As advertising experts debate the best way to approach these issues at this week’s panels and events, NAI staff will be right there weighing in with recommendations about the responsible collection and use of data for digital advertising in this amazing cross-device world.  This core issue continues to be hot — and not just among wonks in Washington and Brussels.  Read the Economist or the WSJ during the past few weeks for a small sample of the questions being raised about responsible data collection.  As we innovate and create new business models and technologies to provide consumers with fantastic experiences and relevant advertising, we must also bake in privacy by design — taking into account central questions about notice, choice, transparency, user control, data security and acceptability. 

This is our role at NAI, as a non-profit membership organization and the leading self-regulatory association dedicated to responsible data collection and its use for digital advertising.  The NAI Code requirements are designed with generally accepted Fair Information Practice Principles (FIPPs) in mind.  We continue to explore how these core principles apply in different contexts in an evolving technology landscape, while remaining technology and business model neutral.

Here at NAI, we will be releasing guidance on the world beyond cookies in the near future to help ensure that rapidly developing technologies for our multi-screen world are deployed in a way that promotes consumer trust and is embraced by brands that care deeply about their reputation and customer relationships.  Stay tuned.  And more importantly, join us in our work setting high standards for digital advertising — the long-term health of the online ecosystem depends on our collective ability to maintain responsible data collection.