Results tagged “Privacy” from IABlog

IAB Launches Digital Advertising Regulation 101 Guide

| | Comments | TrackBacks (0)
Are you familiar with Section 5 of the FTC Act?   Do you know how the government enforces its privacy laws?  What are the important state and federal laws that are relevant to your business model?

 Historically, the U.S approach to regulating privacy has been largely sectorial, meaning that there are a number of laws in place that address individual industries (e.g., healthcare or financial services) versus the far more comprehensive approach taken by the European Union.

To provide digital advertisers with a basic working knowledge of the current privacy laws applicable to the industry, the IAB has created a Digital Advertising Regulation 101 resource

This guide is for those with a limited understanding of current privacy law who are looking to learn a little bit more about the U.S.’s basic approach to these issues.  It is not meant to provide extensive detail into legislative histories or prognosticate on the outcome of pending privacy cases winding their way through the courts, but instead to give those new to the world of privacy a lay of the land.  

The guide covers all facets of digital advertising regulation.  It explains the basic rules that businesses need to follow, outlines both federal and state regulation, and provides summaries of sector-specific rules pertinent to digital advertising (all linking out to further information for those interested in delving deeper into a certain topic).  

This new resource is a supplement to the IAB’s Legislative and Regulatory Tracker that went online in October of last year.  It is meant to provide a general overview of the policies already in place, while the Legislative Tracker shows up-to-date developments on individual pieces of pending legislation in the context of digital advertising.

About the Author

Stephen Hicks

Since February 2009, Hicks has served as General Counsel and Corporate Secretary for Ziff Davis, LLC. and its predecessor. Hicks is co-chair of the Interactive Advertising Bureau (IAB) legal affairs committee. Prior to joining Ziff Davis, Hicks served as General Counsel and Secretary for: MTM Technologies Inc. a publicly traded IT services provider and product resller; OutlookSoft Corp. a VC backed international financial software corporation acquired by SAP; and AMICAS Inc. (formerly VitalWorks) a publicly traded medical software corporation. Hicks also worked on the executive staff of Dennis Vacco, the New York State Attorney General; and was an associate at a New York law firm.
Enhanced by Zemanta


Privacy advocates and regulators have challenged the ad industry to provide meaningful choice when it comes to the collection and use of behavioral data. In response, industry leaders have come together in support of the enhanced ad notice icon, which leads the user to industry wide disclosure and choice options. Although some still question this approach, it is well positioned to have significant industry adoption as a framework for consumer choice on traditional websites.

PrivacyChoice_Policymaker.jpgThe industry is at an earlier stage when it comes to providing notice and choice on mobile devices. The infrastructure delivering mobile ads isn’t as well developed, and the ecosystem is more complex with carriers, devices and operating systems each playing a role. Nevertheless, given the rapid growth expected for mobile advertising, and the heightened privacy concerns associated with location-aware mobile devices, it is imperative that we also focus on how to deliver meaningful choice in this new environment.

The in-ad use of the enhanced ad notice icon faces some obstacles when applied to ads that appear within mobile apps, a growing segment of online ads. Not only does there tend to be less visible real estate in mobile ads, there’s no easy way (like cookies) to store the preference so that it is accessible across or between different apps and the mobile browser. Companies are working on ways to store tracking preferences at the device-level, but to work this will take a new level of cooperation between advertisers, operating system providers, and app makers—each with their own privacy agenda.

Despite these challenges, meaningful choice may actually become easier for ads in mobile apps because they can provide a different choice framework. Unlike typical websites, every app already has a moment of choice before any data collection begins: the moment of installation. Users typically install new apps through a marketplace (like Apple’s App Store) where they search, browse, and select new apps. Each app has a reference page, which can include links to terms of service and privacy information. Notice-and-choice for tracking, possibly even the icon itself, can be provided at this stage in the process of installing an application.

Is it asking too much of mobile app makers to create appropriately titled links and a privacy policy with the right disclosure? In fact, privacy policies are already required of websites under the laws of many states. Even though a minority of apps have a published privacy policy, that can change as privacy disclosure becomes easier and more automated. For example, we recently launched PrivacyChoice Policymaker, a 10-minute guided policy generator for mobile apps. It provides robust first-party privacy policy for the app’s own data collection, but also automatically adds the right disclosure for ad-company tracking. This disclosure includes company-specific opt-outs when available, and can link to any Do Not Track approach that may emerge.

Over time, privacy choices will be embedded more elegantly into mobile apps and operating systems. But as a starting point, every app should have a privacy policy and apps with ads should include robust notice-and-choice for third-party tracking. Ad delivery companies are in the best position to make this happen directly with their publisher clients. If app developers can be asked to take this relatively painless step, choice may even come sooner—and be more meaningful—in mobile apps than it has been so far on the Internet.

About the Author

sp_brock_jim.jpgJim Brock

Jim Brock is Founder and CEO of PrivacyChoice. You can follow him on Twitter @privacychoice.

Continue the discussion on this IAB Ad Ops blog series on Twitter by adding #MeaningfulChoice to your tweets.


On December 7 in San Francisco, Quova sponsored the IAB’s last Innovator’s Round Table Dinner (IRD) of 2010, and I had the honor of being their host.  The event was held at the popular Peruvian eatery La Mar, on Pier 1 (the food was fabulous, and if you go, be sure to order a ‘Pisco Sour’ from the bar). Having been sponsored by an industry leader in online geo location the conversation—not surprisingly—centered on the following topics related to location-based advertising:

  • The benefit of geo-location to advertisers and marketers
  • The opportunities and risks created by the joining of online and offline data
  • The responsibility and challenges of protecting consumer’s privacy.

I had the pleasure of sitting with a table of overachievers that included LaurieAnne Lassek and Walter Beisheim of Quova, Michael McGuire and Alicia Gubba of Gartner, Jack Androvich of AutoDesk and Chase Norlin of Alphabird.  I am still kicking myself for not asking the origin of the name “Alphabird” (perhaps it is the bird that incited the violence depicted by Alfred Hitchcock?).  

Our spirited conversation brought interesting points. The benefit of location awareness to advertisers was summed up in the term “relevance.”  Relevance is a nuanced term in the digital advertising industry. However, if you think of all the information we can know about a consumer and their interests before delivering an ad, it’s all potentially useless if our offers are poorly targeted with regard to a consumer’s location. For instance, my interest in Peruvian food and music is generally irrelevant, EXCEPT when I am visiting San Francisco. Then it becomes highly relevant—to La Mar

The joining of offline and online data remains a touchy subject. While we did not delve deeply into why, we did acknowledge that regulation is coming in this area, and there are challenges. One of those challenges is how to use merged data to effectively market to consumers, without making them feel as if they were being ‘stalked’ in the real world based on their online activity. Companies that control offline consumer data manage a terrifying amount of personal information.  If offline personal information is merged with online profiles, and that merger results in highly targeted online offers, there may be a risk of alarming, rather than enticing consumers—thus breaking the trust relationship between consumer and brand.  When consumers lose the ability to exercise control over their personal information, the issue becomes very sensitive. Our industry would be wise to offer consumers meaningful choice to enhance trust, not break it.  This of course, led us naturally to the last topic. 

We fear what we do not understand. The Federal Trade Commission is reminding us of this every day. If we do not want to risk driving the consumer away, then our industry must take steps to earn their trust. Trust is built through educating and offering meaningful choice to consumers. As such, the self-regulatory work we are engaged in (see will need to evolve to include targeting based on location awareness.

This was the third IRD I have attended, and the first I have hosted.  These are special events—always intimate, personal and full of stimulating conversation. Thanks to Quova for sponsoring, and thank you to all those who attended and participated.

Happy Holidays!

Steve Sullivan is VP Digital Supply Chain Solutions for the IAB