The Self-Regulatory Principles for Online Behavioral Advertising

The Self-Regulatory Principles for Online Behavioral Advertising

A How-To Compliance Workshop

Panelists• Genie Barton, VP & Director, Online Interest-Based

Advertising Accountability Program Council of Better Business Bureaus (moderator)

• Peter Kosmala, Managing Director Digital Advertising Alliance

• Scott Meyer, CEO Evidon

• Senny Boone, SVP, Corporate and Social ResponsibilityDirect Marketing Association

Schedule• Presentations

– Peter Kosmala– Scott Meyer– Senny Boone– Genie Barton

• Break-out groups: Test Your OBA IQ• Discussion and Questions

D I G I T A LA D V E R T I S I N GA L L I A N C E

I M P L E M E N T I N G T H E S E L F - R E G U L A T O R Y P R O G R A M

I A P P P R I V A C Y A C A D E M Y | S E P T E M B E R 2 0 1 1

Y O U R S E L F W I T H T H E D A A S E L F - R E G U L A T O R Y P R I N C I P L E S F O R O B A C O M P L I A N C E

1 F A M I L I A R I Z E

The DAA Principles• Education• Transparency• Consumer Control• Data Security• Material Change to Existing OBA Policy/Practices

• Sensitive Data• Accountability

Y O U R O R G A N I Z A T I O N ‘ S R O L E A N D R E S P O N S I B I L I T I E S I N O B A C O M P L I A N C E

2 U N D E R S T A N D

DAA Program ParticipantsParty Publisher/

Publisher Ad Server

Exchange/SSP Ad Network Enhanced Notice Provider

DSP Agency/Advertiser Ad Server

Role Hosts the location where the ad will appear

Optimizing value per impression for the Publisher

Optimizing value for Publisher and Advertiser

Serves the marker on behalf of other players in the process chain

Optimizing value for Advertiser

Coordinate and manage advertiser spend across media providers. Hosts the ad creative that appears on the Web page.

Responsibility Flag to the Ad Network/ Advertiser any issues with the marker. Add the marker if it is not present in the creative.

Add the marker if it is not present in the creative. Comply with the framework so no issues are introduced

Ensure when trafficking the campaign that the ad includes the marker. Add the marker if it is not present in the creative.

Not required, but when present, provide an in-ad interstitial with links to opt-out and more information

Add the marker if it is not present in the creative. Comply with the framework so no issues are introduced

Serve the overlaid marker with the creative as part of standard practice.

Publisher Ad Exchange Advertising Enhanced Demand-side Agency or Ad Server or Supply-side Network Notice Platform (DSP) Advertiser Platform (SSP) Provider Ad Server

T H E D A A A D V E R T I S I N G O P T I O N I C O NC E R T I F I C A T I O N A G R E E M E N T

3 R E V I E W

DAA Certification Agreement• Certification v. License• $5,000 annual fee (USD)• User obligations• Usage guidelines & approvals• Proprietary rights & restrictions• Indemnity• Liability

T H E D A A A D V E R T I S I N G O P T I O N I C O N I N A N YA D C R E A T I V E A N D O N A N Y W E B P A G E W H E R ED A T A I S B E I N G C A P T U R E D F O R O B A P U R P O S E S

4 I M P L E M E N T

DAA Program Components

1. The DAA Advertising Option Icon (“Ad Choices”, “the forward-I”, “CLEAR ad marker”)

DAA Program Components2. The DAA Consumer Choice Page (“COOP” – Consumer Opt-out Web Page)

Contact the DAA

P E T E R K O S M A L A , C I P PP E T E R @ A B O U T A D S . I N F O+1. 2 0 2 . 8 6 1 . 2 4 0 6

Scott Meyer, CEO

Powering the Self-Regulatory Program for Online Behavioral Advertising

Evidon Plays Two Roles

Assurance PlatformDelivers ad/site notice to consumers; helps all businesses comply with Program. All data owned and controlled by client, not Evidon or anyone else.

2. Lab Data

3. Privacy Database

1. Panel Data

Industry Leader in Compliance Services

Technology Provider to the DAA Self-Regulatory

Program

17

Monitoring PlatformDelivers data to CBBB/DMA, primarily from panel, enhanced by lab and other analytics tools, to support Accountability Mechanisms. Enforcement decisions made by BBB/DMA, not Evidon.

Think “Nutritional Label for Ads”…

=

If you do it right: OBA Compliant Trust Mark Build Brand

18

Brands Have Options, And Obligations

1. Buy only through DAA-compliant businessesNetworks, DSPs, publishers have the primary compliance responsibility

2. Use approved providerManage yourself

3. Build your own solution

1. Notice and simple opt-out must be provided by 3rd party/ publisher (or advertiser can provide)

If 3rd party data is being collected for OBA purposes on any website

In Ads Where data is collected

19

Should Advertiser Rely on Network/Publisher?

ProsNo additional workNo direct costDistances brand from association with targetingObligation resides with the network/publisherNetworks/publishers have primary responsibility under the Principles

Cons Limited, if any, highly

manual reporting Icon placement can hurt

campaign performance No brand control – network

has to get it right; no messaging control

No comprehensive opt-out from campaign

Limits buying to compliant companies

20

Best-Practices Ad Notice

21

STEP 2STEP 1

22

…the following companies helped target this ad to you...All vendors

contributing targeting to ad

Easy opt-out from each; reporting proves that the request has been sent

Rich detail on each vendor available

Consumer profile management via ODP

Global opt-out to hundreds of vendors

STEP 3

Best-PracticesAd Notice

Click here to opt out of more companies

23

Open Data Partnership (ODP) — fine tune targeting profiles

Best-Practices Ad Notice

…the following companies helped target this ad to you...

Click here to opt out of more companies

Best-PracticesWebsite Notice

24

Easy opt-out from each; reporting proves that the request has been sent

Rich detail on each collector available

“Happy birthday, and thanks

for the wonderful program,

Ghostery. It's a great add-on,

and makes me feel more

confident about browsing the

web. Keep up the good work…”

(Community

Member)

• 4+ million downloads• 140K+ new per month• 300k member opt-in panel• Tracks 400+ trackers on

over 5 million domains worldwide

• Consumers learn abouttracking and/or block it

Compliance Monitoring for Accountability Program Ghostery — a Massive, Engaged Community…

25

…that Informs the Accountability Program

26

Privacy Database (800+ companies)

InLight Reports30+ trackers found on your site, including:[x+1]

24/7 Real Media 33Across Adconion AddThis AdNexus Advertising.com …

Panel Data (300k members)

• Daily testing of 250+ opt out mechanisms

• Examination of all cookies dropped

• Alert generated if no opt out cookie is found

• Daily review and analysis of all alerts by privacy staff

27

Evidon – Opt Out Compliance Monitoring

The Direct Marketing Association’s Role in OBA Compliance

Senny Boone, Esq.Senior Vice President, Corporate & Social

Responsibility, DMA

Contact: [email protected]

See: www.dmaresponsibility.org www.dmaaction.org

OBA/Interest-Based Ads: Cookies and Tracking

Self-Regulatory Principles for Online Behavioral AdvertisingThe Direct Marketing Association was one of the

trade associations that worked to create the cross-industry Self-Regulatory Principles for Online Behavioral Advertising

DMA & CBBB are providing the “enforcement mechanisms” that satisfy the Accountability Principle and are coordinating their efforts

DMA has incorporated the Principles into its Ethical Guidelines

DMA & Accountability

DMA has a lengthy history in self-regulating its members to build consumer trust across marketing channels.

Today, digital accountability is key to allow for growth and innovation rather than regulation that stifles change.

DMA Guidelines

DMA as an enforcement “mechanism:”

DMA asks its members to follow DMA Guidelines as a condition of membership, OBA is included.

See www.dmaresponsibility.org/Guidelines/

DMA GuidelinesDMA Requirements

1. Publish a Privacy Policy and abide by it

2. ALSO provide an Enhanced Notice Link to Consumers and honor their choices-provide a link in or around the ad.

3. Ensure reasonable data security and limited data retention-for a legitimate business purpose.

DMA GuidelinesDMA Requirements

4. Offer notice and choice for Material Changes to your policies.

5. Obtain Express Consent for Sensitive Information Collection (kids, financial data…)

6. Hold your organization and others accountable.

7. Help to educate-See www.aboutads.info

DMA Compliance ProcessOBA Compliance-Consumers will file complaints via our

www.dmaresponsibility.org site. Consumer must support claims with proof.

-Review and resolve the issue is our goal.-Many complaints can be resolved quickly-But if there is no resolution at staff level or in

cases of egregious, repeated misconduct, the complaint will be sent to the Ethics Operating Committee for review and recommended action.

DMA Compliance ProcessPolicing of the GuidelinesComplaint handling:-Consumers & members complain-Many issues can be resolved immediately-if a company is not being accountable, or if

the action is repeated, egregious a case is brought before DMA’s Ethics Operating Committee

DMA Compliance Process

DMA Ethics Operating Committee (marketing practitioners) follow due process to ensure the company is held accountable while also educating the company on best practices and needed changes.

DMA Ethics Operating Committee demonstrates the strength of peer review in achieving high standards of industry compliance

DMA Compliance Process

Consumers want us to extract punishment, we do not have sanctioning authority.

If Company fails to cooperate, company may be referred to the appropriate authority and/or publicized as non-compliant.

DMA Members may be suspended/removed.

Casework is confidential.

DMA Compliance Process

Consumer Concerns:

-Location & functionality of privacy policy-Role of email service providers-Whether ad is “general” or “OBA”-Control over SPAM-Mysterious 3rd parties

DMA Compliance Process

Company compliance will be measured, and industry compliance across the board will be examined.

Compliance

The Time is Now

Role of Accountability in Self-Regulation

• The Principles require industry-wide compliance– Consumers, legislators, regulators, and competitors

demand that all covered businesses be accountable– Self-regulation succeeds when there is independent,

vigorous enforcement across the entire ecosystem• The Council of Better Business Bureaus and the Digital

Marketing Association are providing accountability for the Self-Regulatory Program– They are working cooperatively to avoid duplication– Our programs are underway

Compliance Timeline• All entities covered by the Principles must:

– Be in compliance NOW, or – Be on a “commercially reasonable” path to compliance

• DMA and IAB have made compliance a condition of membership– Current IAB members had to be in compliance by August

29, 2011 and new members have 6 months

• The Accountability Program has initiated company specific compliance inquiries and is working to resolve those inquiries to bring those companies into compliance

Compliance Survey• The BBB’s Accountability Program has sent letters to 250

ad networks and web publishers:– Letters contain a questionnaire on compliance status – Accountability Program is offering companies assistance in

understanding compliance requirements

• You have been provided with a copy of the letter and survey, please fill it out so we can assist you– If you are working for a company that is operating in the

advertising ecosystem, please make sure the person in your company that is in charge of compliance completes the survey

– If you represent clients who may have compliance obligations, please ensure that they participate in the survey

CBBB/DMA Enforcement Has Started

What you need to do:

• You need to be in compliance now or have a commercially reasonable plan for coming into compliance

• License icon from DAA (www.aboutads.info)• Put on icon on every page where OBA ad is delivered• Networks, et. al. – provide opt-out either through DAA opt-out page

or other easy-to-use opt-out mechanism• Deliver enhanced notice and choice of collection and use of

information for OBA purposes

Accountability Program Compliance Is Underway Using Many Sources

• Monitoring Technology provided by Evidon• Complaints from consumers, competitors,

privacy advocates and academics• Academic research• Inquiries and compliance reviews• Goal: help companies to achieve compliance

Accountability Review Process• Company receives notification of inquiry and request

for evidence of compliance

• Accountability Program reviews submissions and formulates recommendations

• If non-compliance found, Accountability Program issues public decision, including company’s agreement to implement recommendations

• Accountability Program may refer company that refuses to participate, to correct non-compliant practices, or to implement recommendations to the Federal Trade Commission

Association Implementation • All DMA members – as a condition of membership –

are required to comply with the DMA’s Guidelines for Ethical Business Practice, which have been expanded to include the Principles.

• IAB members are also required to comply with the Principles as a condition of membership.

• Associations providing tool kits to members

FTC OBA Enforcement: Chitika

• First FTC case involving OBA

• Privacy Policy: Promised consumer an opt out

• Opt-out cookie expired after 10 days

Chitika OrderRequirements in Blue Same or Similar to the Principles

• 20-year order period• Affirmative action by consumer before redirecting to third

party• Notice and hyperlink in Ad to opt out (like icon)• 5-year minimum opt-out period (Principles)• Opt out of collection for the purpose of delivering targeted

ads (Principles)

Need Compliance Guidance?• Read the Principles and Implementation Guidelines at

www.aboutads.info • Contact BBB: Genie Barton, Vice President & Director

of the Online Interest-Based Advertising Accountability Program at [email protected]

• Contact DMA: Senny Boone, Senior Vice President, Corporate and Social Responsibility at [email protected]

Other Resources• The Principles, Implementation Guides, Opt-out Page,

and information on licensing the icon available at www.AboutAds.info

• Compliance services provided by Approved Providers, Evidon, DoubleVerify, and TRUSTe

• DAA member organizations have webinars and tool kits available

Break Out Sessions to Answer OBA IQ Questions