Last updated: September, 2015
The Network Advertising Initiative’s (NAI) Self-Regulatory Code of Conduct (Code) sets high standards for Interest-Based Advertising and related business models applicable to its third-party advertising members. These standards embody the Fair Information Practice Principles of notice, choice, transparency, use limitations, data security, access, and accountability. The accountability principle is at the heart of the NAI program. The NAI and its members invest enormous resources towards working to ensure that consumer choices are honored and data privacy is respected through a rigorous compliance and robust enforcement process, which include the steps and procedures set forth below.
Onboarding New Members:
The first piece of the NAI’s compliance process is the onboarding of members which helps ensure members’ compliance with the Code even before they join the NAI. NAI staff conducts detailed evaluations of applicants’ business models to help confirm that their business practices are capable of meeting the requirements of the Code. NAI staff examines the data collection, use, retention, and sharing practices, as well as relevant disclosures and affirmations of contractual provisions. The NAI also reviews the applicant’s choice mechanisms to assess their consistency with the Code, including testing the technical functionality of applicant’s opt-out mechanisms to ensure their compatibility with the NAI industry opt-out tool.
Through this review, staff highlights potential practices that need to be addressed for a company to become an NAI member. The NAI may provide guidance and suggestions about Code compliance at every step, including their perspective on practices to help companies go above and beyond the requirements of the Code. However, NAI staff cannot advise applicants on their individual legal obligations.
Monitoring of Members
In addition to reviewing the Interest-Based Advertising-related business practices and policies of all applicants prior to their membership in NAI, the NAI continues to monitor its members on a regular basis as follows:
NAI Technical Monitoring Tools
Under the Code, each member is required to provide and honor the consumers’ choice to disallow Interest-Based Advertising activities by the member on a particular browser. Throughout the year, NAI staff uses the technical monitoring tool to monitor its member’s opt out mechanisms. The technical monitoring tool automates Web crawls and gathers data related to members’ opt-out functionality and reliability. It analyzes the crawl data for signs of potential issues and then reports the results of these analyses to NAI staff. NAI staff use these reports to identify and quickly address potential problems with member opt-out mechanisms. Working together, the NAI and members can seek to assure that any potential downtime of an opt-out are as minimal as possible.
Investigation of Consumers Concerns
The NAI provides a central site for consumers to ask questions and raise concerns about members’ compliance with the Code. NAI staff reviews and, if warranted, investigates these complaints. NAI’s goal is to identify any evidence of non-compliance with the Code and to work with members to address any potential violations as quickly as possible.
When a consumer complaint or other inquiry is received, NAI staff first seeks to determine whether it concerns an NAI member, and whether it relates to compliance with the NAI Code. NAI staff resolves the vast majority of addressable consumers’ questions and concerns by responding directly to the consumers. If the complaint raises a technical problem or concern that NAI staff cannot remedy alone, NAI staff refers the matter to the affected member. If NAI staff finds that the complaint alleges potential material non-compliance with the Code, the matter may be referred to the NAI Board of Directors with a recommendation for sanctions, as discussed below.
Investigation of Other Complaints
NAI staff also investigates other instances of possible non-compliance with the Code discovered by staff, or brought to staff’s attention by others, including by regulators or other NAI members. The full NAI compliance team, consisting of attorneys and technologists, investigates the purported non-compliance matter. If NAI staff finds that the complaint alleges potential material non-compliance with the Code, the matter may be referred to the Board of Directors with a recommendation for sanctions, as discussed below.
Membership in the NAI requires that members undergo an annual review of their business models, policies and practices to help confirm that they continue to comply with the Code, even as their individual businesses, and the industry as a whole, evolves. These reviews proactively examine companies' Interest-Based Advertising-related business practices and public representations against the requirements of the Code.
The first step of the Annual Compliance Review requires that members submit written responses to a detailed questionnaire provided by NAI staff to the member. The questionnaire requires members to describe their business practices and policies in juxtaposition to the obligations of the Code requirements. The questionnaire covers such issues as the collection and use of data for Interest-Based Advertising purposes; policies governing those practices; contractual requirements imposed on business partners concerning notice and choice around Interest-Based Advertising activities; other protections for data collected and used for Interest-Based Advertising purposes, such as data retention schedules; and processes for oversight and enforcement of contractual requirements. Where relevant, the questionnaire also requests that members provide supporting documentation such as marketing materials or contracts.
Following the review of questionnaire submissions and other supporting materials, at least two NAI staff members interview representatives from the member. During these interviews, the compliance team reviews the Code requirements with the member to help ensure that the member is aware of its responsibilities under the Code and the sanctions that can result it does not honor its commitments. The NAI team also queries technical representatives of members about data flows, opt-out functionality, data retention, all technologies used for Interest Based-Advertising on desktop and related purposes, and technical measures to prevent the use of Personally Identifiable Information for Interest Based-Advertising purposes.
The NAI takes a proactive approach in helping members address and fix the issues detected by these compliance activities. If found not in compliance, a member can work with NAI staff to implement changes to the member’s practices. This Annual Compliance Review process, which necessarily relies on input from members, is intended to help member companies identify potential issues with business practices before they become a significant and material problem.
After the completion of the questionnaire and interview process, and as a final step in the annual compliance review, members are required to attest in writing to their ongoing compliance with the Code. They must attest to the veracity of the information provided in the review process, including any necessary amendments to the questionnaire.
The Annual Report summarizes the results of the NAI’s compliance program in a given year. Through publication of the annual report, consumers, regulators and others gain visibility into the NAI’s compliance program and self-regulatory process.
You can learn more about our compliance program by reading the NAI's past annual reports. Links to the NAI's published annual reports are provided above.
Sanctions and Enforcement
A detailed compliance assessment process, coupled with strong sanctions, are essential components of the NAI self-regulatory program. If NAI staff finds during any of the compliance processes that a member has materially violated the 2015 Update to the Code of Conduct, then staff may refer the matter to the Board of Directors with a recommendation for sanctions. The member company may be given the opportunity to address the Board and respond to a staff finding of non-compliance.
If the NAI Board determines that a member has materially violated the 2015 Update to the Code of Conduct then the NAI may impose sanctions, including suspension or revocation of membership and may refer the matter to the Federal Trade Commission. Further, the NAI may publicly name a company or the violation in the compliance report, and/or elsewhere as needed, when NAI determines that a member has engaged in a material violation of the 2013 Code of Conduct.
To learn more about the NAI's enforcement procedures, click here.
*Please return to this page frequently to learn of updates and additional guidance to our Code and Compliance program and to review the annual reports generated by the NAI.