Skip the navigation

Group: Online ad networks mostly comply with privacy rules

By Grant Gross
December 30, 2009 02:28 PM ET

IDG News Service - Despite concerns from some privacy groups and U.S. lawmakers about behavioral advertising, most large advertising networks generally comply with a set of privacy and data-handling standards adopted by the Network Advertising Initiative a year ago, the NAI said in a report released Wednesday.

The NAI's first annual audit of its members privacy and data-handling practices found "no compliance deficiencies" in most areas of the group's guidelines. The group's 38 members had appropriate mechanisms in place for Web users to opt out of targeted advertising, they complied with rules for the collection and use of personal data, and they had reasonable security measures in place to protect the data, NAI's report said.

"For self-regulation to be effective, there has to be a thorough and ongoing compliance process," Charles Curran, NAI's executive director, said in a statement. "The 2009 review shows that NAI members take consumer transparency and choice for online behavioral advertising very seriously, and are committed to meeting the requirements of the NAI Code. More importantly, this review shows how a strong self-regulatory program can help companies continuously improve their privacy standards by adopting best practices from across the industry."

NAI members encountered a couple of compliance problems, however. Ten NAI members did not disclose the length of their data retention periods for data used in behavioral advertising, as required in the guidelines. In addition, several members had weak programs to encourage their online partners to give customers notice and choice about behavioral advertising, the report said.

The NAI "found that the evaluated members largely lack robust programs for enforcing contractual notice requirements, or for otherwise ensuring that notice is present where data is collected or used for behavioral advertising," the report said. "NAI staff believes that member companies must take additional steps to help implement Web site publication of notice and choice mechanisms."

The 10 members that were not disclosing their data retention periods have either come into compliance or plan to do so shortly, the NAI said. NAI will work with member companies to develop a "comprehensive partner notice implementation plan" in the coming months, the report said.

The report comes after several privacy groups and U.S. lawmakers raised concerns over the past two years about online ad networks tracking Web users in order to deliver personalized advertising. Privacy groups such as the Center for Democracy and Technology (CDT) have called on the U.S. Congress to pass privacy legislation that would regulate how businesses use personal information.

NAI, whose members include Google, Yahoo and, should be praised for doing a compliance report after skipping it for several years, said Ari Schwartz, vice president and chief operating officer CDT. However, the group should consider using a third party to audit compliance of its privacy guidelines, instead of having NAI staff do the audits, he said.

Reprinted with permission from Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies
Blog Spotlight

This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.