Mar 24, 2016
The Self-Regulatory Principles for Online Behavioral Advertising
A How-To Compliance Workshop
Panelists• Genie Barton, VP & Director, Online Interest-Based
Advertising Accountability Program Council of Better Business Bureaus (moderator)
• Peter Kosmala, Managing Director Digital Advertising Alliance
• Scott Meyer, CEO Evidon
• Senny Boone, SVP, Corporate and Social ResponsibilityDirect Marketing Association
Schedule• Presentations
– Peter Kosmala– Scott Meyer– Senny Boone– Genie Barton
• Break-out groups: Test Your OBA IQ• Discussion and Questions
D I G I T A LA D V E R T I S I N GA L L I A N C E
I M P L E M E N T I N G T H E S E L F - R E G U L A T O R Y P R O G R A M
I A P P P R I V A C Y A C A D E M Y | S E P T E M B E R 2 0 1 1
Y O U R S E L F W I T H T H E D A A S E L F - R E G U L A T O R Y P R I N C I P L E S F O R O B A C O M P L I A N C E
1 F A M I L I A R I Z E
The DAA Principles• Education• Transparency• Consumer Control• Data Security• Material Change to Existing OBA Policy/Practices
• Sensitive Data• Accountability
Y O U R O R G A N I Z A T I O N ‘ S R O L E A N D R E S P O N S I B I L I T I E S I N O B A C O M P L I A N C E
2 U N D E R S T A N D
DAA Program ParticipantsParty Publisher/
Publisher Ad Server
Exchange/SSP Ad Network Enhanced Notice Provider
DSP Agency/Advertiser Ad Server
Role Hosts the location where the ad will appear
Optimizing value per impression for the Publisher
Optimizing value for Publisher and Advertiser
Serves the marker on behalf of other players in the process chain
Optimizing value for Advertiser
Coordinate and manage advertiser spend across media providers. Hosts the ad creative that appears on the Web page.
Responsibility Flag to the Ad Network/ Advertiser any issues with the marker. Add the marker if it is not present in the creative.
Add the marker if it is not present in the creative. Comply with the framework so no issues are introduced
Ensure when trafficking the campaign that the ad includes the marker. Add the marker if it is not present in the creative.
Not required, but when present, provide an in-ad interstitial with links to opt-out and more information
Add the marker if it is not present in the creative. Comply with the framework so no issues are introduced
Serve the overlaid marker with the creative as part of standard practice.
Publisher Ad Exchange Advertising Enhanced Demand-side Agency or Ad Server or Supply-side Network Notice Platform (DSP) Advertiser Platform (SSP) Provider Ad Server
T H E D A A A D V E R T I S I N G O P T I O N I C O NC E R T I F I C A T I O N A G R E E M E N T
3 R E V I E W
DAA Certification Agreement• Certification v. License• $5,000 annual fee (USD)• User obligations• Usage guidelines & approvals• Proprietary rights & restrictions• Indemnity• Liability
T H E D A A A D V E R T I S I N G O P T I O N I C O N I N A N YA D C R E A T I V E A N D O N A N Y W E B P A G E W H E R ED A T A I S B E I N G C A P T U R E D F O R O B A P U R P O S E S
4 I M P L E M E N T
DAA Program Components
1. The DAA Advertising Option Icon (“Ad Choices”, “the forward-I”, “CLEAR ad marker”)
DAA Program Components2. The DAA Consumer Choice Page (“COOP” – Consumer Opt-out Web Page)
Contact the DAA
P E T E R K O S M A L A , C I P PP E T E R @ A B O U T A D S . I N F O+1. 2 0 2 . 8 6 1 . 2 4 0 6
Scott Meyer, CEO
Powering the Self-Regulatory Program for Online Behavioral Advertising
Evidon Plays Two Roles
Assurance PlatformDelivers ad/site notice to consumers; helps all businesses comply with Program. All data owned and controlled by client, not Evidon or anyone else.
2. Lab Data
3. Privacy Database
1. Panel Data
Industry Leader in Compliance Services
Technology Provider to the DAA Self-Regulatory
Program
17
Monitoring PlatformDelivers data to CBBB/DMA, primarily from panel, enhanced by lab and other analytics tools, to support Accountability Mechanisms. Enforcement decisions made by BBB/DMA, not Evidon.
Think “Nutritional Label for Ads”…
=
If you do it right: OBA Compliant Trust Mark Build Brand
18
Brands Have Options, And Obligations
1. Buy only through DAA-compliant businessesNetworks, DSPs, publishers have the primary compliance responsibility
2. Use approved providerManage yourself
3. Build your own solution
1. Notice and simple opt-out must be provided by 3rd party/ publisher (or advertiser can provide)
If 3rd party data is being collected for OBA purposes on any website
In Ads Where data is collected
19
Should Advertiser Rely on Network/Publisher?
ProsNo additional workNo direct costDistances brand from association with targetingObligation resides with the network/publisherNetworks/publishers have primary responsibility under the Principles
Cons Limited, if any, highly
manual reporting Icon placement can hurt
campaign performance No brand control – network
has to get it right; no messaging control
No comprehensive opt-out from campaign
Limits buying to compliant companies
20
Best-Practices Ad Notice
21
STEP 2STEP 1
22
…the following companies helped target this ad to you...All vendors
contributing targeting to ad
Easy opt-out from each; reporting proves that the request has been sent
Rich detail on each vendor available
Consumer profile management via ODP
Global opt-out to hundreds of vendors
STEP 3
Best-PracticesAd Notice
Click here to opt out of more companies
23
Open Data Partnership (ODP) — fine tune targeting profiles
Best-Practices Ad Notice
…the following companies helped target this ad to you...
Click here to opt out of more companies
Best-PracticesWebsite Notice
24
Easy opt-out from each; reporting proves that the request has been sent
Rich detail on each collector available
“Happy birthday, and thanks
for the wonderful program,
Ghostery. It's a great add-on,
and makes me feel more
confident about browsing the
web. Keep up the good work…”
(Community
Member)
• 4+ million downloads• 140K+ new per month• 300k member opt-in panel• Tracks 400+ trackers on
over 5 million domains worldwide
• Consumers learn abouttracking and/or block it
Compliance Monitoring for Accountability Program Ghostery — a Massive, Engaged Community…
25
…that Informs the Accountability Program
26
Privacy Database (800+ companies)
InLight Reports30+ trackers found on your site, including:[x+1]
24/7 Real Media 33Across Adconion AddThis AdNexus Advertising.com …
Panel Data (300k members)
• Daily testing of 250+ opt out mechanisms
• Examination of all cookies dropped
• Alert generated if no opt out cookie is found
• Daily review and analysis of all alerts by privacy staff
27
Evidon – Opt Out Compliance Monitoring
The Direct Marketing Association’s Role in OBA Compliance
Senny Boone, Esq.Senior Vice President, Corporate & Social
Responsibility, DMA
Contact: [email protected]
See: www.dmaresponsibility.org www.dmaaction.org
OBA/Interest-Based Ads: Cookies and Tracking
Self-Regulatory Principles for Online Behavioral AdvertisingThe Direct Marketing Association was one of the
trade associations that worked to create the cross-industry Self-Regulatory Principles for Online Behavioral Advertising
DMA & CBBB are providing the “enforcement mechanisms” that satisfy the Accountability Principle and are coordinating their efforts
DMA has incorporated the Principles into its Ethical Guidelines
DMA & Accountability
DMA has a lengthy history in self-regulating its members to build consumer trust across marketing channels.
Today, digital accountability is key to allow for growth and innovation rather than regulation that stifles change.
DMA Guidelines
DMA as an enforcement “mechanism:”
DMA asks its members to follow DMA Guidelines as a condition of membership, OBA is included.
See www.dmaresponsibility.org/Guidelines/
DMA GuidelinesDMA Requirements
1. Publish a Privacy Policy and abide by it
2. ALSO provide an Enhanced Notice Link to Consumers and honor their choices-provide a link in or around the ad.
3. Ensure reasonable data security and limited data retention-for a legitimate business purpose.
DMA GuidelinesDMA Requirements
4. Offer notice and choice for Material Changes to your policies.
5. Obtain Express Consent for Sensitive Information Collection (kids, financial data…)
6. Hold your organization and others accountable.
7. Help to educate-See www.aboutads.info
DMA Compliance ProcessOBA Compliance-Consumers will file complaints via our
www.dmaresponsibility.org site. Consumer must support claims with proof.
-Review and resolve the issue is our goal.-Many complaints can be resolved quickly-But if there is no resolution at staff level or in
cases of egregious, repeated misconduct, the complaint will be sent to the Ethics Operating Committee for review and recommended action.
DMA Compliance ProcessPolicing of the GuidelinesComplaint handling:-Consumers & members complain-Many issues can be resolved immediately-if a company is not being accountable, or if
the action is repeated, egregious a case is brought before DMA’s Ethics Operating Committee
DMA Compliance Process
DMA Ethics Operating Committee (marketing practitioners) follow due process to ensure the company is held accountable while also educating the company on best practices and needed changes.
DMA Ethics Operating Committee demonstrates the strength of peer review in achieving high standards of industry compliance
DMA Compliance Process
Consumers want us to extract punishment, we do not have sanctioning authority.
If Company fails to cooperate, company may be referred to the appropriate authority and/or publicized as non-compliant.
DMA Members may be suspended/removed.
Casework is confidential.
DMA Compliance Process
Consumer Concerns:
-Location & functionality of privacy policy-Role of email service providers-Whether ad is “general” or “OBA”-Control over SPAM-Mysterious 3rd parties
DMA Compliance Process
Company compliance will be measured, and industry compliance across the board will be examined.
Compliance
The Time is Now
Role of Accountability in Self-Regulation
• The Principles require industry-wide compliance– Consumers, legislators, regulators, and competitors
demand that all covered businesses be accountable– Self-regulation succeeds when there is independent,
vigorous enforcement across the entire ecosystem• The Council of Better Business Bureaus and the Digital
Marketing Association are providing accountability for the Self-Regulatory Program– They are working cooperatively to avoid duplication– Our programs are underway
Compliance Timeline• All entities covered by the Principles must:
– Be in compliance NOW, or – Be on a “commercially reasonable” path to compliance
• DMA and IAB have made compliance a condition of membership– Current IAB members had to be in compliance by August
29, 2011 and new members have 6 months
• The Accountability Program has initiated company specific compliance inquiries and is working to resolve those inquiries to bring those companies into compliance
Compliance Survey• The BBB’s Accountability Program has sent letters to 250
ad networks and web publishers:– Letters contain a questionnaire on compliance status – Accountability Program is offering companies assistance in
understanding compliance requirements
• You have been provided with a copy of the letter and survey, please fill it out so we can assist you– If you are working for a company that is operating in the
advertising ecosystem, please make sure the person in your company that is in charge of compliance completes the survey
– If you represent clients who may have compliance obligations, please ensure that they participate in the survey
CBBB/DMA Enforcement Has Started
What you need to do:
• You need to be in compliance now or have a commercially reasonable plan for coming into compliance
• License icon from DAA (www.aboutads.info)• Put on icon on every page where OBA ad is delivered• Networks, et. al. – provide opt-out either through DAA opt-out page
or other easy-to-use opt-out mechanism• Deliver enhanced notice and choice of collection and use of
information for OBA purposes
Accountability Program Compliance Is Underway Using Many Sources
• Monitoring Technology provided by Evidon• Complaints from consumers, competitors,
privacy advocates and academics• Academic research• Inquiries and compliance reviews• Goal: help companies to achieve compliance
Accountability Review Process• Company receives notification of inquiry and request
for evidence of compliance
• Accountability Program reviews submissions and formulates recommendations
• If non-compliance found, Accountability Program issues public decision, including company’s agreement to implement recommendations
• Accountability Program may refer company that refuses to participate, to correct non-compliant practices, or to implement recommendations to the Federal Trade Commission
Association Implementation • All DMA members – as a condition of membership –
are required to comply with the DMA’s Guidelines for Ethical Business Practice, which have been expanded to include the Principles.
• IAB members are also required to comply with the Principles as a condition of membership.
• Associations providing tool kits to members
FTC OBA Enforcement: Chitika
• First FTC case involving OBA
• Privacy Policy: Promised consumer an opt out
• Opt-out cookie expired after 10 days
Chitika OrderRequirements in Blue Same or Similar to the Principles
• 20-year order period• Affirmative action by consumer before redirecting to third
party• Notice and hyperlink in Ad to opt out (like icon)• 5-year minimum opt-out period (Principles)• Opt out of collection for the purpose of delivering targeted
ads (Principles)
Need Compliance Guidance?• Read the Principles and Implementation Guidelines at
www.aboutads.info • Contact BBB: Genie Barton, Vice President & Director
of the Online Interest-Based Advertising Accountability Program at [email protected]
• Contact DMA: Senny Boone, Senior Vice President, Corporate and Social Responsibility at [email protected]
Other Resources• The Principles, Implementation Guides, Opt-out Page,
and information on licensing the icon available at www.AboutAds.info
• Compliance services provided by Approved Providers, Evidon, DoubleVerify, and TRUSTe
• DAA member organizations have webinars and tool kits available
Break Out Sessions to Answer OBA IQ Questions