In the last six months, the NAI has released new Health Targeting Guidance and new Guidance on Opt-in Consent. These activities reflect the flexibility of the NAI’s self-regulatory program to adapt quickly to meet the evolution of technology and business practices, as well as consumer expectations, and to reflect the goals of policymakers and other stakeholders.
Today, the NAI released an updated version of our “Guidance for NAI Members: Determining Whether Location is Imprecise” (Imprecise Guidance). The new document can be found here.
Originally published in 2015, the Imprecise Guidance achieves multiple purposes for members: (1) Provides meaningful parameters on how member companies could render Precise Location Information (PLI) imprecise; (2) Establishes a multi-factor analysis to determine whether data would be considered by the NAI to be precise or imprecise, if it did not fall within the listed categories of imprecise data; and (3) Explains the requirements regarding when a member company would have to obtain Opt-In Consent.
The original document was drafted at a time when Opt-In Consent through platform settings was not yet universally available. As such, the NAI emphasized methods through which member companies could leverage location-based data while preserving consumer privacy through data minimization. As the mobile ecosystem evolved and platform controls for location data gained widespread acceptance, the NAI was able to shift our policy to require Opt-In Consent (or reasonable assurances for NAI members who do not interact directly with users) for all digital advertising uses of PLI, including Tailored Advertising and Ad Delivery and Reporting.
The 2020 update to the NAI Code of Conduct (Code) and the publishing of the “Guidance for NAI Member: Opt-In Consent” required an update of the existing Imprecise Guidance to mirror the changes made in those documents.
The updated Imprecise Guidance should still be referenced for the following purposes:
Guidance on methods that may be used to render PLI imprecise based on categories enumerated in the document (such as using latitude and longitude coordinates with two or fewer decimal places, using a circular shape with a radius of 500 meters, and upleveling using descriptors of general places).
Guidance on how to apply a multi-factor analysis to determine whether data could be considered precise if it does not fall within the previously mentioned enumerated categories.
New content has been added to the document. The updated Imprecise Guidance now does the following:
It emphasizes the concept that a “use” is broader than previously defined. If a member collects or receives PLI, and that data is to be used for Tailored Advertising or Ad Delivery and Reporting (ADR) by them or by a downstream partner, that member is required to obtain Opt-In Consent (even if the member renders it imprecise before sharing it). The act of collecting, receiving, or having the precise data is now considered a “use.”
It reiterates that Opt-In Consent is required for use of PLI for ADR.
It clarifies that Opt-In Consent is not needed by downstream partners if the data they are receiving is imprecise.
The document has also been reorganized to clarify the NAI’s requirements and recommendations. NAI members should expect to comply with the Opt-In Consent guidance by July 1st, when enforcement of that part of the Code will begin.
Importantly, the NAI continues to urge member companies to engage in data minimization practices to further protect consumers’ data. To that end, data which has been rendered imprecise poses fewer security risks, and good data stewardship by NAI members helps foster trust among consumers, regulators, and legislators who can rest assured that NAI member companies will only store and use raw PLI so long as necessary for their business purposes.