The Privacy Man cometh. Now it’s time to figure out who is going to payeth!

The industry has formally taken a stance to thwart the strong arm of the FTC by enforcing compliance of self regulatory guidelines on data collection and usage.  The Digital Advertising Alliance, which is comprised of the leading advertising trade organizations AAAA, AAF, ANA, DMA, IAB, NAI & the BBB, has selected Better Advertising’s monitoring technology to help enforce compliance. Enforcement is said to begin Jan 1, 2011., and the enforcer will actually be the BBB. I’ll also add that this initiative is in its very nascent stages and surely will continue to be shaped by adoption and the economics of the process. AdSafe Media and TRUSTe have partnered  to become the second provider of compliance enforcement, and will be applying for the same accreditation that Better Advertising received from DAA. You can bet that a handful of others will enter the space as it grows. This is a good thing. We need multiple options for healthy competition, as well as many minds working to keep the FTC from passing ‘baby & the bathwater’ type of regulations for online advertising targeting. However, it is notable that Better Advertising is the only company solely focusing on this.

Compliance is Everyone’s Responsibility, Sort Of

The onus of compliance is going to be more on the publisher/network/DSP side than the advertisers.  When placing buys on networks, exchanges, DSP’s, and even sites directly, when using behavioral targeting, an advertiser can license the icon via the publisher, or choose to use their own, so to speak. The icon overlay can be served via the publisher’s account and over the advertiser’s third party served ad without any technical implementation by the advertiser, or the advertiser can work directly with Better Advertising (and  at some point in the future, a provider of choice). Of course the cost always comes back to the advertiser somehow. But adding more line items of marketing technology fees is not something that advertisers embrace quickly.  So ultimately it is too early to tell whether the standard practice will be the advertiser or publisher being responsible for compliance. However, the big agency holding companies, in addition to the ad networks and publishers, have all bought in and are slowly ramping up delivery of BT ads with the “Advertising Options Icon”, which provides consumers with disclosure regarding data collection and usage, and the ability to opt-out of  specific targeting. Currently when consumers opt-out of targeting they are opting out at a data / targeting provider level, not at an advertiser level.

The Cost of Compliance Enforcement

Publishers & advertisers who are compliant will be able to license the use of the icon for $5,000 per year (if annual BT revenue is less than $2MM this fee is waived). This fee helps fund the DAA and enforcement of compliance. Better Advertising is paid a nominal CPM for the service, which consists of the delivery of a java script overlay of the icon and the functionality of disclosure,  compliance monitoring, and opt-out facilitation. They also offer additional reporting services for additional fees. Essentially the bigger media companies, networks and agencies will be subsidizing the early stages of these initiatives by adopting and paying for the technology so that eventually the costs for everyone can come down with volume.

Challenge: The industry will have to fork out millions of dollars for this.

A new role of planning will include mapping out where compliance is necessary, in which case the icon needs to be visible, and where it is not. Note to agencies – there may be an audit trail requirement here to ensure that you are not paying for enforcement of non BT targeted ads. Nominal CPM or not, it adds up just like ad serving, or ad verification. Ideally it would be nice to have this built into the ad server – but I can say that about so many things! Assume that compliance and the use of the icon will be a part of media terms & conditions in the not too distant future.

One of the elephants in the room is the slightly ambiguous definition of compliance – or more accurately what the compliance is ensuring. The following are the DAA’s Self Regulatory Principles:

The Education Principle calls for organizations to participate in efforts to educate individuals and businesses about online behavioral advertising and the Principles.

The Transparency Principle calls for clearer and easily accessible disclosures to consumers about data collection and use practices associated with online behavioral advertising. It will result in new, enhanced notice on the page where data is collected through links embedded in or around advertisements, or on the Web page itself.

The Consumer Control Principle provides consumers with an expanded ability to choose whether data is collected and used for online behavioral advertising purposes. This choice will be available through a link from the notice provided on the Web page where data is collected.

The Consumer Control Principle requires “service providers”, a term that includes Internet access service providers and providers of desktop applications software such as Web browser “tool bars” to obtain the consent of users before engaging in online behavioral advertising, and take steps to de-identify the data used for such purposes.

The Data Security Principle calls for organizations to provide appropriate security for, and limited retention of data, collected and used for online behavioral advertising purposes.

The Material Changes Principle calls for obtaining consumer consent before a Material Change is made to an entity’s Online Behavioral Advertising data collection and use policies unless that change will result in less collection or use of data.

The Sensitive Data Principle recognizes that data collected from children and used for online behavioral advertising merits heightened protection, and requires parental consent for behavioral advertising to consumers known to be under 13 on child-directed Web sites. This Principle also provides heightened protections to certain health and financial data when attributable to a specific individual.

The Accountability Principle calls for development of programs to further advance these Principles, including programs to monitor and report instances of uncorrected non-compliance with these Principles to appropriate government agencies. The CBBB and DMA have been asked and agreed to work cooperatively to establish accountability mechanisms under the Principles.

It’s a Big Job But Somebody’s Got to Do It

Can an amalgamation of  of a number of industry trade groups that historically have not been involved in technology nor enforcement keep the FTC satisfied? We better hope so.

Personally I feel that a lot of it has to do with the economics behind the process. Can the DAA generate sufficient revenue to properly resource enforcement? Will the industry accept these costs in stride? Do we all understand the alternative?

If you enjoyed this post, please consider adding a comment or subscribing to the RSS feed. Thanks.

 

Advertisements
Comments
  1. Kevin Lee says:

    The solution is ass backwards.

    In CAN-SPAM the government got it right, force disclosure and punish those who lie.

    Costs to implement this need to be fractions of a penny CPM not low single digits. Even $.02 won’t fly for DR advertisers in my opinion. They’ll modify the ad, come up with their own form of disclosure which isn’t third-party certified (but equally accurate) and run that, if at all.

    I don’t see why the privacy information disclosure really needs to be third party served.

    Like CAN-SPAM if you don’t lie the disclosure link on the ad is obvious (perhaps more so than the Power I) and the disclosure is there everyone should be happy.

    In the cases where someone lies there should be repercussions. Better to punish with big fines the transgressors than impose millions of dollars of cost monthly on the entire industry.

    My two cents as a consumer and an advertiser/agency.

    • Jason Heller says:

      “Better to punish with big fines the transgressors than impose millions of dollars of cost monthly on the entire industry.”

      I couldn’t agree more…

      But here are the issues I also forsee:

      1) If the IAB tries to enforce and make this an industry standard practice, and the ad networks, DSP’s and exchanges buy into it, then ads won’t run in the first place without it. I think that’s what they are going for.

      2) CAN SPAM did get it right. What if the alternative to 3rd party monitoring and enforcement is far more strong handed than CAN SPAM, which is what has been discussed. What if legislation requires opt-in for any form of BT or data usage? Probably a far stretch, but possible.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s