Ad Nets Step Up Self-Regulation

NAI’s Groman hopes to turn around policymaker privacy perceptions

In the ongoing Washington debate over privacy, advertising networks get the worst rap.

A billion-dollar business, online ad networks track consumer clickstream activity in order to sell behaviorally targeted ads to clients. But as more advertisers embrace the practice, fears about privacy concerns have intensified, leading many policymakers to doubt that self-regulation is sufficient to protect consumers from companies that may be secretly monitoring (and profiting) from their every click.

It’s a perception Marc Groman, a little more than a year into his position as executive director of the Network Advertising Initiative, would like to turn around.

“I’m often perplexed by the focus on ad networks, given that there are so many other privacy concerns out there,” said Groman, the former chief privacy officer for the Federal Trade Commission. “Third parties have often been demonized.”

Groman is hoping that the self-regulatory organization’s annual compliance report, released Thursday along with a recently revamped web site designed to educate consumers about the benefits of targeted advertising and their opt-out options, will go a long way toward turning around the negative perceptions inside the Beltway.

The NAI has nearly 100 members, including 18 of the top 20 ad networks—these include Google, AOL, Microsoft and Yahoo—that subject their networks to annual audits of their data collection and use practices. Last year, 76 ad networks were in compliance with the NAI’s standards, up from 60 that were reviewed in 2011. The 24 other nets not included in this year’s report were required to go through a pre-certification process in order to attain membership.

To be in compliance, ad networks submit to a rigorous review and automated monitoring to make sure they do not collect personally identifiable or sensitive data such as Social Security numbers, geolocation, financial and health-related information. Networks must provide clear notice about their practices and give consumers the choice to opt-out of targeted ads. NAI members also participate in the Digital Advertising Alliance’s AdChoices self-regulation program.

Of the 37 complaints the NAI received about non-compliance, 29 didn’t explicitly raise compliance issues. The eight cases that were raised were brought into compliance “almost immediately,” said Groman. “Our goal is to get the company to fix the problem,” he added. The NAI has never had to refer a case to the Federal Trade Commission.

“We will make a point of sharing this report with relevant policymakers in order to demonstrate the scope of the compliance program and show it’s working,” Groman said. “What policymakers call for is self-regulation with teeth, enforcement and accountability. This is real and very tangible.”

By the end of the year, Groman plans to add to the code guidelines governing the collection and use of data on mobile devices and to expand the use of tracking technology beyond cookies.

“The issues for mobile are very complicated,” Groman said. “It may not scale as easily, but we’re going to develop a way to do compliance.”

The NAI isn't the only self-regulation organization working on mobile privacy guidelines. By the end of the month the Digital Advertising Alliance (of which the NAI is a member), plans to release its mobile privacy principles, a counterpart to AdChoices.

Whether or not it’s enough to ward off lawmakers, Groman remains optimistic. “There will be a segment of policymakers that are skeptical. It’s up to us to demonstrate the value of self-regulation,” Groman said.