“Robust self-regulation” – What does it mean?
The answers can be found in NAI’s annual Compliance Report, the yearly review of our members’ adherence to the NAI Code of Conduct and Mobile Application Code (Codes).
The NAI Compliance Report is the culmination each year of our most important program, the compliance process. The NAI sets high standards for self-regulation, but these standards would be meaningless without the NAI’s insistence on accountability. That’s where the NAI compliance program comes into play. The compliance program starts even before a company officially joins the NAI. To even be accepted as an NAI member, companies must subject themselves to a stringent review of their privacy practices as part of their membership application process so that we can be certain of their commitment to transparency and accountability. And that’s just the beginning. Once approved for membership, each NAI member company must go through a similar review every year by NAI staff to ensure compliance with our Codes. It is a time consuming and expensive undertaking for the companies, and it shows their commitment to consumer privacy and industry best practices. That’s robust self-regulation.
I also am sometimes asked: “How can it be robust-self-regulation without imposing high penalties for violations?”
Our member companies are leaders in the ad-tech industry and make extraordinary efforts to ensure compliance with the Codes. However, even the most well intentioned companies do make mistakes. Each year our staff finds that some member companies have various non-material violations of the Code such as malfunctioning privacy links and privacy disclosures that may not have provided adequate information regarding new products, such as data collection and use in mobile applications. As a result of the NAI’s automated monitoring of links and disclosures, these problems are addressed preemptively as soon as they are spotted and communicated to members. The NAI's rigorous compliance approach encourages collaborative dialogue between NAI staff and its members that creates a comprehensive, disciplined partnership that enhances the overall health of the digital advertising ecosystem and benefits consumers. The NAI’s compliance staff worked with each member company throughout the year to monitor and ensure compliance. This enabled the NAI and its members to spot potential problems and to resolve issues promptly, before they turn into larger complications affecting greater numbers of consumers.
In contrast, material violations are willful and/or very serious violations of our Codes, such as failure to provide consumer choice for an extended period of time, deliberately misleading statements in disclosures, failure to implement NAI guidance document requirements, or refusal to cooperate with NAI staff. Effectively, the availability of sanctions ensures that members cooperate with NAI staff and make any requested changes expeditiously. The NAI did not find any material violations of the Code during the latest (2016) compliance review period.
I encourage you to read our latest compliance report, the NAI 2016 Annual Compliance Report. The report provides a summary of the NAI staffs’ findings from our compliance monitoring processes of our 108 member companies during the 2016 period (January 1, 2016, to December 31, 2016).
Another great aspect of self-regulation is that it can quickly adapt to the ever-changing technologies in the ad-tech industry. In 2016, the NAI began regulating Cross-App Advertising (CAA) through enforcement of its Mobile Application Code (App Code). The 2016 Compliance Report shows that the NAI found that all member companies provided an Opt-Out mechanism for CAA. However, some of these mechanisms needed more comprehensive opt-out instructions. The NAI worked closely with member companies to help them draft improvements where needed. Ultimately, the NAI’s compliance reviews indicate that all 108 members met their obligations under the provisions of the Codes.
What’s in store for the future? The NAI always leverages the findings of the annual Compliance Report to further strengthen our self-regulatory program. This year, the NAI began enforcing two new guidance documents, addressing the use of Non-Cookie Technologies in web browsers, and Cross-Device Linking for IBA and CAA purposes. The 2017 compliance reviews include these guidance documents, and companies will be held accountable for meeting these requirements. The NAI is conducting advance work with its members and industry stakeholders to examine terminology, including the continuing relevance of maintaining a distinction between Non-Personal Identifiable Information (non-PII) and Personal Identifiable Information (PII). As data collection and use for targeted advertising on connected TVs becomes more prevalent, the NAI is also actively working to draft Guidance addressing this new ecosystem. The NAI is also continuing to develop, expand, and improve its suite of technical monitoring tools in both web and mobile application environments.
The NAI compliance program is self-regulation at its best: robust, continuous monitoring and enforcement throughout the year and adaptable to changing technologies.