Back to top

Blog

Submitted by Leanny Prieto on June 2, 2020

Event 2: “NAI 2020 Compliance Review Priorities and Hot Topics”

Thursday, June 4, 2020 

2:00 – 3:00 PM EDT 

Register here

The NAI is about to embark on its 2020 Annual Compliance Review of member companies. As this is the first year of reviews under the all new 2020 Code of Conduct, please join us to learn where NAI staff will focus their efforts and to hear about some potentially challenging requirements, and the latest on deferred enforcement in the Precise Location Information and Audience-Matched Advertising areas. We will also discuss the NAI’s new Health Guidance and hear advice regarding compliance with Viewed-Content Advertising requirements and how to best provide notice and choice to users when collecting or using data on connected televisions. Please join us for this important panel, as attendees will be well prepared for their companies’ 2020 Annual Compliance Reviews. Panelists include:  

  • Maulik Shah, Associate General Counsel, Samba TV
  • Ron Elwell, Founder and CEO, Swoop and IPM.ai
  • Anthony Matyjaszewski, VP, Compliance and Membership, NAI

Moderator:

  • David LeDuc, VP, Public Policy, NAI

Future “Reach the Summit” events will look at the economic sectors facing change due to COVID-19 and how our industry deals with increasing legal and marketplace uncertainty.

Submitted by Anthony Matyjas... on April 27, 2020

In January, the NAI published its Guidance for NAI Members: Health Audience Segments (Guidance). Since then, the NAI has received positive feedback from members and from outside sources. We are pleased that this document has provided some much needed clarity regarding the NAI’s restrictions on tailoring advertisements related to health conditions.

One area where some potential ambiguity remains is how the Guidance interplays with the transparency requirement for member use of standard and custom health audience segments. The NAI Code requires members to publicly disclose all standard, or off-the-shelf, health-related audience segments and, if members create custom audiences, a representative sample of custom audience segments used for Tailored Advertising.

The Guidance indicates that when members rely on modeled, offline demographic data to create health-related audience segments, they should disclose the demographic makeup of the audience to meet the NAI Code’s existing transparency requirements for health segments. By disclosing the demographic basis for a health-related audience segment -- such as age and gender -- NAI members can avoid creating the impression that the users within that audience were included in the segment because they actually have, or are believed to have, any given health condition. 

In practice, however, disclosing only the demographic makeup of the audience does little to provide transparency to users because it does not provide any insight into why a member company may be tailoring advertisements based on those demographic factors. The NAI’s intention in providing this additional guidance is to ensure that member companies disclose both the demographic makeup of a segment and the reason why those demographics are being used, i.e., whattreatment, medication, or condition is believed to be relevant to that audience. Thus, the NAI intends for the Guidance to require members engaged in creating modeled audiences using demographic information to disclose both (1) that a segment is actually composed of demographic factors only; and (2) that an ad for a given treatment, medication, or condition is believed to be more relevant to that audience. Such transparency provides users with insight into what health-related audience segments the member company creates as well as the fact that these audiences are only based on demographic factors and not on any knowledge or inference that the user may have any given condition. Armed with such insight, users are then best able to make an informed choice with respect to whether they wish to receive advertisements enabled by that NAI member.

Illustrative segment disclosure for modeled health-related audience segments:

Heart Disease (based only on age, gender, and education level)

Commentary: In this example, an NAI member has modeled an audience that may find advertisements for products or services related to heart disease to be relevant (e.g., certain prescription drugs). To provide the transparency to consumers required by the Guidance, the NAI member must disclose the condition of interest (heart disease) and the demographic basis for the audience believed to be interested in the condition (age, gender, and education level).

Submitted by Rod Ghaemmaghami on March 5, 2020

In the last six months, the NAI has released new Health Targeting Guidance and new Guidance on Opt-in Consent. These activities reflect the flexibility of the NAI’s self-regulatory program to adapt quickly to meet the evolution of technology and business practices, as well as consumer expectations, and to reflect the goals of policymakers and other stakeholders. 

Today, the NAI released an updated version of our “Guidance for NAI Members: Determining Whether Location is Imprecise” (Imprecise Guidance). The new document can be found here

Originally published in 2015, the Imprecise Guidance achieves multiple purposes for members: (1) Provides meaningful parameters on how member companies could render Precise Location Information (PLI) imprecise; (2) Establishes a multi-factor analysis to determine whether data would be considered by the NAI to be precise or imprecise, if it did not fall within the listed categories of imprecise data; and (3) Explains the requirements regarding when a member company would have to obtain Opt-In Consent. 

The original document was drafted at a time when Opt-In Consent through platform settings was not yet universally available. As such, the NAI emphasized methods through which member companies could leverage location-based data while preserving consumer privacy through data minimization. As the mobile ecosystem evolved and platform controls for location data gained widespread acceptance, the NAI was able to shift our policy to require Opt-In Consent (or reasonable assurances for NAI members who do not interact directly with users) for all digital advertising uses of PLI, including Tailored Advertising and Ad Delivery and Reporting. 

The 2020 update to the NAI Code of Conduct (Code) and the publishing of the “Guidance for NAI Member: Opt-In Consent” required an update of the existing Imprecise Guidance to mirror the changes made in those documents. 

The updated Imprecise Guidance should still be referenced for the following purposes: 

  • Guidance on methods that may be used to render PLI imprecise based on categories enumerated in the document (such as using latitude and longitude coordinates with two or fewer decimal places, using a circular shape with a radius of 500 meters, and upleveling using descriptors of general places). 

  • Guidance on how to apply a multi-factor analysis to determine whether data could be considered precise if it does not fall within the previously mentioned enumerated categories. 

New content has been added to the document. The updated Imprecise Guidance now does the following: 

  • It emphasizes the concept that a “use” is broader than previously defined. If a member collects or receives PLI, and that data is to be used for Tailored Advertising or Ad Delivery and Reporting (ADR) by them or by a downstream partner, that member is required to obtain Opt-In Consent (even if the member renders it imprecise before sharing it). The act of collecting, receiving, or having the precise data is now considered a “use.”

  • It reiterates that Opt-In Consent is required for use of PLI for ADR.

  • It clarifies that Opt-In Consent is not needed by downstream partners if the data they are receiving is imprecise. 

The document has also been reorganized to clarify the NAI’s requirements and recommendations. NAI members should expect to comply with the Opt-In Consent guidance by July 1st, when enforcement of that part of the Code will begin. 

Importantly, the NAI continues to urge member companies to engage in data minimization practices to further protect consumers’ data. To that end, data which has been rendered imprecise poses fewer security risks, and good data stewardship by NAI members helps foster trust among consumers, regulators, and legislators who can rest assured that NAI member companies will only store and use raw PLI so long as necessary for their business purposes.

Submitted by Anthony Matyjas... on January 29, 2020

The NAI is opening what promises to be a busy year with new guidance on health-related ad targeting. The NAI has long imposed and enforced restrictions on the use of Sensitive Data for Tailored Advertising with the understanding that while targeted ads help to fund a robust and diverse Internet and provide users with relevant ads, a user’s engagement with certain limited types of content may not always be appropriate for Tailored Advertising. For example, research about potential cancer treatments while at home on a personal device may not be appropriate for Tailored Advertising. Additionally, the placement of web browsers or devices into audience segments labeled with sensitive conditions to be used for ad targeting could also negatively affect a user’s privacy, especially if such segments were to be misused or accessed without authorization. This practice is prohibited by the NAI Code of Conduct without a consumer’s Opt- In Consent.

Of course, many users are genuinely interested in products and treatments for their health or medical conditions and may also be interested in receiving Tailored Advertising for such products or treatments. Accordingly, the NAI provides those users with an opportunity to opt in to such advertising, described in a clear and conspicuous notice, through an affirmative action that manifests this intent.

The NAI’s opt-in requirements regarding the use of medical or pharmaceutical records are clear, as are restrictions against inferences that a user may have a sensitive health condition based on browsing or mobile app activity. In fact, these restrictions have created a strong incentive for ad-tech companies to avoid targeting users based on Sensitive Data. However, there is a long history, and a legitimate need for continued marketing of medical treatments or medications to consumers who may benefit from and wish to see these ads. The NAI’s new guidance establishes a clear framework to enable efficient marketing, while still prohibiting the selection of ads based on inferred interest in a sensitive health or medical condition, such as a specific inference based on a user’s prior engagement with a given website or mobile application.

Many advertisements may be targeted only based on general demographic factors such as age or gender. For example, a pharmaceutical company may advertise a treatment for a condition primarily affecting women, such as breast cancer, which would be considered as sensitive under the Code. In this case, the inference made in targeting such an advertisement would not be that the audience has the condition in question, or has expressed any interest in it, but rather, simply that the target audience is composed of women. Ad targeting based on demographic factors such as age or gender is an effective way to allow users to receive ads that are relevant to them while at the same time preserving users’ privacy.

However, the NAI is mindful of the fact that in some cases, if various demographic factors are combined and overlaid with additional information, such as an individual’s web browsing, app use, shopping history, or Precise Location Information, it can become much more specific and precise. The NAI’s new guidance is intended to close any potential loopholes that would allow member companies to make an inference that a user actually has, or is likely to have, a certain health or medical condition or treatment, under the guise of demographic targeting.

This guidance document also provides additional clarity as to what types of modeled audiences are considered non-sensitive by the NAI, regardless of the conditions they address, based on the size of the target audience, the type of targeting criteria involved, and the nomenclature used in segmenting audiences into such groups.

Effectively, this guidance document clarifies that the NAI staff will consider a health-related audience segment to be non-sensitive under the NAI Code, even if it is intended to target a potentially sensitive health condition, if the segment includes at least ten percent of the total population, is based only on demographic data, and is labelled with its actual demographic composition.

Importantly, even for the use of non-sensitive audience segments detailed in this guidance, NAI members must comply with the transparency requirements in the NAI Code and provide full public disclosure of all “standard” or “off-the-shelf” audience segments used for health-related Tailored Advertising and a representative sample of “custom” audience segments used for the same purposes.

The NAI will remain vigilant and proactive in this space, and will continue to lead digital advertising companies in its efforts to enhance consumer trust and privacy with regard to Sensitive Data while ensuring the Internet remains free and vibrant for all users.