Moving the Goal Posts Without Changing the Rule Book
Earlier this week a Stanford graduate student posted a blog entry announcing “preliminary findings from experimental software” about how companies participating in the Network Advertising Initiative (NAI) handle opt outs to online behavioral advertising.
Unfortunately, these preliminary findings confuse the important distinction between longstanding “Do Not Target” choices offered by online advertisers, and new browser technologies that offer users the promise of not being “tracked.”
Under the NAI self-regulatory code, companies commit to providing an opt out to the use of online data for online behavioral advertising purposes. We’ve long recognized that consumers should be provided a choice about whether data about their likely interests can be used to make their ads more relevant. But the NAI code also recognizes that companies sometimes need to continue to collect data for operational reasons that are separate from ad targeting based on a user’s online behavior. For example, online advertising companies may need to gather data to prove to advertisers that an ad has been delivered and should be paid for; to limit the number of times a user sees the same ad; or to prevent fraud. Gathering this operational data may involve the use of cookies separate from those used to enable interest-based ad targeting, or to maintain a consumer’s opt out preference.
We want to be very clear that we are firmly committed to enforcing the NAI Code’s requirements that companies provide users with an opt out to behaviorally-targeted ads. As part of our annual review process, we routinely review a broad variety of inputs, including reports in the media and from advocates. The online medium is remarkably transparent, allowing for evaluation of company data collection practices and of the effectiveness of self regulation. If there are credible allegations of a violation of the NAI Code, we investigate them; and if there are violations, we report them.
However, it’s also important to draw a fair distinction between existing industry self regulatory commitments to limit ad targeting based on user interests, and the views of proponents of newly emerging “Do Not Track” technologies who argue that advertising companies should be stopped from collecting any data. We’ve been following with interest the recent introduction by browser manufacturers of “Do Not Track” features that promise in various degrees to limit browser data collection. A robust debate is going on about how these browser features might be integrated with the existing industry self-regulatory programs, but for now there is no universally agreed upon definition of what “Do Not Track” means.
Given the rapidly evolving nature of Internet technology, it’s entirely appropriate for self regulatory programs to evaluate how best to adapt these new browser technologies. But in order for consumers and companies to understand what is being offered on the “Do Not Track” playing field, the goal posts can’t be a moving target. More importantly, we should be clear about when rules changes will have profound consequences: prohibiting the gathering and use of operational data may inhibit the ability of companies to serve even non-targeted ads; impair efforts to stop fraud by bad actors; and seriously jeopardize the viability of advertising supported free content and services on the Web. There is a vital distinction between limiting the use of online data for ad targeting, and banning data collection outright. We look forward to being part of the dialogue about how best to define – and deploy – a “rulebook” for online choices that are not only consistent with consumers’ privacy expectations, but that also preserves the viability of ad-supported online services that millions of consumers enjoy every day.
-Chuck Curran, Executive Director, NAI