Online behavioral advertising involves the collection of data about individuals' online activities in order to deliver targeted advertisements. While this allows for personalized ads, many users are concerned about privacy and a lack of anonymity online. Both regulators and legislators have responded by introducing laws and guidelines to increase transparency, consent, and security around the collection and use of personal data for behavioral advertising. Industry groups have also developed self-regulatory principles, but enforcement of these is ongoing.
3. most internet users would like to be anonymous*
perceptions of personalization
have taken steps online to remove or mask their digital footprin
have taken steps to avoid observation
have had email or social networking account compromised
*Pew Internet & American Life Project, September 2013
4. Technological innovation comes with Massive
RiskMany believe person info has been stolen or used improperly
perceptions of personalization
have been stalked
or harassed
have had personal
information stolen
have been the victim
of an online scam
have had their reputation
damaged
have been led into
physical danger
5. regulatory response
February 2012:
• Obama releases Report: Consumer Data Privacy in a Networked
World
✴ Consumer Privacy Bill of Rights
✴ Control, Transparency, Context, Security Access/Accuracy, Collection &
Accountability
June 2013:
• FTC: Julie Brill “FTC is ramping up enforcement” against those who
break federal privacy laws, especially in the expanding new world of
smartphones and mobile apps
6. Georgia Congressman Hank Johnson
introduced the bipartisan Application
Privacy, Protection and
Security (APPS) Act of 2013 (H.R. 1913)
• Notice + Consent
• Self-Regulation
• Opt Out
• Security
• Enforcement: FTC
federal legislative response
7. state legislative response
California: “Do not Track”" law effective January 1, 2014
• Who: Any operator of a website, online service, or mobile
app
• How: If personally-identifiable info about CA residents is
collected
• What: Must include do-not-track disclosures in its privacy
policy
• Implications: Applies to ANY online business
8. state legislative response
California: S.B. 568 enacts two new statutes under the
title “Privacy Rights for California Minors in the Digital
World.”
• Business & Professions Code section 22580, prohibits
advertising certain products to minors online
• Business & Professional Code section 22581, requires
business to provide an online “eraser button” for
remorseful minors
• Implications: Applies to ANY online business
9. industry response
Who 1) BBB-ASRC, 2) DAA, 3) PMA, 4) MMA
• Self-regulatory principles:
http://www.iab.net/media/file/ven-principles-07-01-09.pdf
• January 1, 2014: deadline ot provide notice and choice to
consumers about collection and use of data for (OBA)
10. industry enforcement
Scottrade and BMW : Companies were in compliance with the in-ad notice
requirements but not with Transparency and Consumer Control Principles.
1. Did not include an OBA describing the OBA activity occurring
2. Did not include either a link to an industry-developed consumer choice
page or list of every third party conducting OBA activity
3. Did not include ensure that an enhanced notice link was present on every
page of its website where data collection or use for OBA occurred
4. Did not indicate its adherence to the OBA Principles on its website
11. industry enforcement cont.
• Volkswagen: complied with the in-ad notice requirements,
but not with the Transparency and Consumer Control Principles.
• 23andMe, 3Q Digital, and MediaMath: Campaign managed by 23andMe’s
digital marketing agency (3Q Digital) used demand-side platform provided
by MediaMath (self-serve)
• Each company assumed one of the others was in charge of complying with
the Self-Regulatory Principles, but none actually did.
12. FTC enforcement
• FTC tasked with safeguarding Consumers & Markets
• Broad authority
• Focus on Uses/Abuses of “Big Data”
★ Fair credit Reporting Act
✴ Transparency
✴ Notice + Choice
• Privacy By Design
★ HTC
13. FTC enforcement cont.
• 2013: FTC Staff Revises Online Advertising Disclosure Guidelines
• July 1, 2013: FTC releases updated COPPA Rule
• CAN-SPAM Act
• Civil Litigation: Google/Double Click
★ Violated state consumer protection placing advertising tracking
cookies
★ FTC fined Google $22.5 million in 2012 over similar practices
that violated an earlier settlement