Back to top


Submitted by Leigh Freund on April 8, 2019

Today, the Network Advertising Initiative (NAI) joined with other leading trade organizations representing America’s advertising industry as steering committee members of a new coalition, Privacy for America

The mission of the Coalition is to promote a transformative, robust U.S. privacy framework that would set forth clear, enforceable and nationwide consumer privacy protections, establish new prohibitions on a variety of data practices, and strengthen enforcement by the Federal Trade Commission (FTC).

With our increasingly complex and evolving digital landscape, Americans deserve clear protections that prohibit companies from using their data in unexpected or harmful ways. Consumers should be able to count on strong data privacy and security protections without being subjected to endless notices, terms, conditions, and clicks to access the content and services they enjoy across the Internet.

The Coalition will build on and compliment the NAI’s nearly two decades as the leading self-regulatory organization for third-party digital advertising.  We have always been committed to ensuring privacy protections throughout the digital advertising ecosystem, and this effort will promote federal privacy legislation to translate this commitment into a new law applying not only to digital advertising, but across the economy.

In the weeks ahead, the Coalition will meet with leaders in Congress, the Federal Trade Commission, the Department of Commerce, the White House, companies across the U.S. economy, and other key stakeholders to create robust new privacy protections to restore trust between consumers and businesses.

The Coalition will be drawing on the vast expertise and experience of Jessica Rich as a key advisor.  Jessica is a former Director of the FTC’s Consumer Protection Bureau, and a steadfast proponent of strong consumer privacy and data security protection.

Submitted by Tony Ficarrotta on February 27, 2019

Fortune recently published an article expressing concern about the potential misuse of sensitive personal data in digital advertising. User activity online and across mobile apps is often highly personal and potentially sensitive, and the NAI agrees that any potential misuse of sensitive information, in advertising or otherwise, raises serious privacy concerns.

The protection of sensitive data has long been a key pillar of the NAI Code of Conduct, which prohibits NAI member companies from using sensitive data for interest-based advertising without opt-in consent. Even if a user does provide opt-in consent to receive interest-based ads based on sensitive data, NAI members are prohibited outright from using or sharing any information collected for interest-based advertising for eligibility purposes. For example, an NAI member could not disclose to a life or health insurance company that a user is associated with a cancer interest category for insurance or coverage eligibility purposes, nor to an employer or prospective employer for employment eligibility purposes.

Of course, the concerns raised in the Fortune article do not exist in a vacuum. The article references a European complaint brought by privacy advocates relating to a “taxonomy” of digital content developed by the Interactive Advertising Bureau (IAB). The taxonomy provides publishers and other digital content creators with a standard system to classify what kinds of content they provide through their websites, mobile apps, and other online platforms. The categories in the IAB taxonomy range from benign, such as “amusement and theme parks,” to highly sensitive, such as “sexual health conditions.” The sensitive categories identified in the article broadly overlap with categories the NAI treats as sensitive under its Code of Conduct. These include, but are not limited to, health categories such as cancer, mental health, and sexually transmitted diseases.

However, the existence of this taxonomy and the fact that it includes sensitive categories does not imply that companies are using sensitive personal data to target advertising to various individuals. Rather, the content categories IAB has standardized for use in digital advertising are primarily used by websites, mobile apps, and other online platforms to communicate to advertisers what kind of content they host on their properties. This allows them, for example, to sell space for contextual advertisements that are not tailored to particular web browsers or devices. In practice, this would enable a website that publishes general information about the symptoms of and treatments for sensitive health conditions to tag its own content with categories in the IAB taxonomy. This in turn would allow advertisers (like, e.g. health clinics or pharmaceutical companies) to advertise on the site without targeting individual site visitors. Content tags also allow brand advertisers to make decisions about where their ads will appear for brand integrity purposes. For example, some advertisers may be particularly interested in advertising on, or particularly keen to avoid advertising on, a site that has tagged its content with certain religious or political categories.

The NAI and our membership go to great lengths to prevent the misuse of sensitive data in interest-based advertising. However, we also recognize that there are some bad actors who don’t adhere to our high bar. That is why NAI membership, adherence to the NAI Code of Conduct, and accountability through annual compliance reviews by the NAI staff are so important for building and maintaining trust in the digital advertising ecosystem. Further, the NAI ensures that consumers can choose whether to participate in interest-based advertising using our central, easy-to-use opt-out tool. Finally, the NAI strongly supports a federal privacy framework that would require all companies to adhere to the privacy-protective practices established by our Code. That framework should leverage existing industry self-regulation by creating a strong safe harbor program, which would assist the FTC with enforcement efforts and provide certainty to companies with a compliance mindset.

Submitted by NAI on February 7, 2019

Privacy has been in the news a lot this past year, and for good reason. Two recent initiatives, GDPR and the California Consumer Privacy Act (CCPA), reflect increased awareness of data collection practices and users' desire for greater transparency and control. However, in today's digital driven economy, "one size fits all" legislation will most likely not be the final answer. Like all great transformational movements, it will take an evolutional process to find the right balance between innovative services and increased user controls. To help make sense of what's happening now, as well as some areas where additional attention is required, we caught up with Kevin Ching, SVP of Product and Data Strategy for NinthDecimal, who joined the NAI Board of Directors earlier this year for a Q&A about several key issues and topics including what's driving the data and privacy conversation and how it's shaping the advertising and marketing ecosystem.


Q: There is currently a lot of attention related to digital privacy. What's driving it, and why do you feel it's capturing the spotlight now?

Over the past year there have been several significant developments that have led to increased attention around consumer data and privacy. Most notably, the European Union (EU) General Data Protection Regulation (GDPR), which established new regulations to enhance data protection and privacy for residents of the EU and the European Economic Area. As the GDPR came into force this year, data and privacy became front-and-center for consumers, legislators and the marketing and advertising industry.

In addition, recent news about potential data misuse from high profile companies here in the U.S. shined a spotlight on the issue and the potential impact on U.S. citizens. These were a major driving force behind enactment of the California Consumer Privacy Act (CCPA) in June of last year. The CCPA is currently scheduled to take effect in 2020, and it requires enhanced disclosures from companies on what consumer data they collect, what they do with the data, and more importantly, like the GDPR, give consumers more control of that data.

These new landmark regulations have raised important questions within the industry about how to adapt to these very expansive, but different regulations, and how to balance these rigid requirements with the benefit for consumers and small businesses that rely on the collection of consumer data to drive their businesses.


Q: Are recent revelations of data misuse and new regulations directly linked, or is this just coincidental?

While recent events have definitely elevated the discussion of consumer privacy to a whole new level, privacy has been, and will continue to be, essential for citizens and a priority for most of the industry – no matter where you fall within the advertising and marketing ecosystem.

In fact, as data becomes a more integral part of personalized marketing, companies have already moved to provide greater safeguards to ensure proper use of consumer data. Leading organizations like the NAI are also emerging to help ensure data compliance and transparency.


Q: How consistent are the regulations imposed by the GDPR and CCPA, and how are they different?

While each initiative has different components and levels of control, both are focused on two primary goals. First, to give consumers more insight into what type of information is being collected and how it's being shared. Second, to create an easy process for consumers to make informed decisions about sharing data. So, it's fair to say that both of these new policies promote enhanced notice and control, but they go about it in very different ways—the GDPR inherently focuses more on use, where the CCPA focuses on sharing of data.


Q: Do these regulations reflect a disconnect between the advertising and marketing industry, consumers and legislators, and what does this mean?

Unfortunately, yes. In the grand scheme of things, the digital economy is only a few decades old, and it's moving so fast that technology evolution has outpaced public education, or "data transparency." But it's important to remember that we live in a market economy that is supported heavily by advertising. Therefore, doing away with advertising as we know it is likely to not only alter current business models, but it will also have unintended consequences for consumers, such as eliminating much of the ad-supported content and free services that consumers enjoy today– email and news sources for example. This is a side effect that many consumers—and even policymakers— are not aware of. As an industry, we need to do a better job of explaining this tradeoff and helping to craft and implement policies where privacy and a robust internet ecosystem are not mutually exclusive.

I also want to point out that an increasing majority of companies rely on data to improve the customer experience. We shouldn't lose sight of the fact that there are significant benefits to consumers from data-driven innovation. Take for example online shopping. Think about the ability to save things in a "wish list" or "cart," or when vendors use data to make customized recommendations based on historical purchases. Most consumers probably don't realize that these are among the most common uses of internet data collection. Nor do consumers likely consider the benefit of customized informational services, such as weather predictions that will provide an accurate, timely forecast based on where you are. These types of services are only made possible by sharing of relevant data. And, of course, there are also benefits to data-driven advertising. In addition to trying to pair an advertisement to something that is relevant to a consumer, there are instances when companies use data to limit the number of ads that someone sees. There are a lot of benefits to data collection, and a wide range of data types. It is more important now than ever that we as an industry find the right balance and make sure consumers know what is being collected, and that we make it easier for them to exercise control over how it's being used.

To create this balance, it's important that consumers, policymakers and industry representatives work together to ensure alignment. Transparency is paramount to that success. Without it, we won't be able to create a foundation of trust between consumers and the advertising/marketing industry.


Q: What does recent legislation such as the CCPA mean for companies like NinthDecimal that rely heavily on the use of location data?

Recent legislation such as the CCPA are not written specifically with location data in mind. It focuses much more broadly towards consumer data and advertising in general. It's applicable to virtually every company that collects user information.

That said, location data companies that are making data privacy compliance a priority and are proactively creating a privacy friendly infrastructure will be able to adapt to new industry standards or legislation more quickly and effectively than those who are not. At NinthDecimal, we've always been committed to the highest standards in privacy. In 2011 for example, we helped establish privacy guidelines that are widely adopted by the mobile ecosystem. We've also been implementing Privacy by Design as a standard for building products since we launched Location Graph seven years ago. And even though we are a U.S.-only company, we have undergone a thorough GDPR internal audit and meet all compliance standards of our partners.


Q: Do you see more changes coming? If so, what and to what extent?

I do think that the CCPA will lead to adoption of similar legislation from other states and has opened the door for a national privacy standard. To continue building towards a well-balanced advertising ecosystem and consumer benefits, it will be important for us to constantly monitor and reevaluate what is working and what needs to be adjusted.

As I mentioned earlier, continued collaboration between the advertising industry and policymakers, along with key learnings from recently implemented data management policies, will be key to building the kind of consumer trust that leads to a thriving ad-supported economy that also benefits consumers.


About Kevin Ching

Kevin has an extensive track record in successfully implementing and growing privacy friendly mobile and data businesses globally. He has been recognized for co-developing AdChoices, a self-regulatory program for online interest-based advertising, for the mobile ecosystem. NinthDecimal was one of the first companies to offer a "mobile ad choices" icon and opt-out ad option in 2012. Kevin is also a recipient of the IAB 2017 Service Excellence Award for his work on the Mobile Location Data Guide for Publishers. Earlier in his career, Kevin's contributions helped NinthDecimal win the North American Frost and Sullivan New Product Innovation Award for the company's launch of its audience intelligence platform, Location Graph.

NinthDecimal has been a member of the NAI since 2015.