Blog

Home › Blog

EU Update: Are you Ready for the Imminent Changes in Europe’s Data Protection Law?
Submitted by Leigh Freund on July 20, 2017

Today’s blog post is dedicated to an update on privacy regulations that the European Union is planning to implement in less than a year that will have a significant impact on our members and the entire adtech industry.  The EU “General Protection Data Requirements” (GDPR) takes effect on May 25, 2018. Hailed as the most significant change in data protection law in over 20 years, the GDPR will impose many new obligations on controllers and processors of "personal data," an expanded definition that encompasses many of the data types typically collected and used by digital advertising technology companies.

GDPR will require companies to provide consumers with clear, unambiguous consent choices, data portability, a right to access data, and consent revocation, among other obligations.  The cost of non-compliance is significant.  GDPR includes an increased extra-territorial applicability and a significant increase in the penalties for non-compliance.  Fines for non-compliance are up to four percent of annual global turnover or 20 million Euros, whichever is greater. An overview of the GDPR’s key changes can be found here.

Many of our members have asked what NAI can do to help companies prepare for the obligations they will face under the GDPR.  NAI's current Codes of Conduct and guidance documents are applicable to the United States.  However, NAI's technical expertise and knowledge of our industry and its various business models make us uniquely qualified to be of assistance as we attempt to craft solutions that protect consumers' privacy, but also allow for companies to continue to innovate and conduct business in Europe.

I have been travelling to Europe on a regular basis this year to meet with industry colleagues and EU regulators.  I am delighted to report that NAI has been invited by the IAB Europe to be an active participant in its GDPR Implementation Working Group (GIG).  The GIG, made up of IAB Europe members dedicated to meaningful privacy and business solutions for GDPR implementation, has been working hard to develop position papers and helpful guidance documents on numerous points of GDPR compliance. We meet frequently, both in person and in virtual meetings, to determine the best path for both privacy protection and business continuity.

IAB Europe's GIG has produced a GDPR Compliance Primer, designed to share with executives and business owners within member companies in order to expand companies' understanding of the complex obligations required of data controllers and processors of European consumer data. The full paper can be found here.

As the GIG continues its work, NAI will share its output with member companies. We also want your input on key aspects of compliance.

If you have any questions or wish to discuss any issue of GDPR compliance with NAI staff, please don't hesitate to contact us. If you are interested in participating more actively in the IAB Europe and its GIG, information on membership can be found on the IAB Europe's website

Read more

NAI Featured in DatingAdvice.com Article on Sensitive Data and Consumer Privacy
Submitted by NAI on June 5, 2017

NAI was featured today on DatingAdvice.com in an article, The Network Advertising Initiative (NAI) Ensures Top Ad Companies Don’t Collect Your Sensitive Browsing Information Without Consent, that focuses on the role NAI plays in promoting responsible data collection and consumer privacy.

“The Network Advertising Initiative (NAI) recognizes the need for discretion as well as personalization in online advertising,” wrote Dating Advice.com editor Hayley Matthews. “This groundbreaking organization seeks to promote consumer privacy and trust by creating and enforcing high standards for responsible data collection and use in online advertising and in mobile environments among its members.”

Anthony Matyjaszewski, VP of Compliance and Membership, discussed NAI’s approach to privacy and data collection and how the consumer’s trust is always a priority.  “There’s a presumption of anonymity when browsing the web, but that’s not always the case,” Anthony told DatingAdvice.com. “When a company collects data online, NAI ensures they’re doing things the right way.  If you have a private or sensitive issue, you may not want to get ads reflecting that.  To lessen the ad’s potential to cause embarrassment, advertisers in our network can require an opt in from users.”

Read the full article here.

For more information about NAI’s new Consumer Opt-Out tool, click here.

Read more

2017 NAI Summit Summary: My Five Takeaways (plus a Sixth Bonus Takeaway)
Submitted by Leigh Freund on June 2, 2017

By: Leigh Freund, President and CEO of NAI

The 2017 NAI Summit was a great success!  More than 120 NAI member company representatives joined us on May 14 at Chelsea Pier in New York for a day of great panel discussions and presentations.  It was a beautiful, warm spring day at an awesome venue.  I have a few favorite moments and some thoughts about the day that I’d like to share. But first I wanted to recognize our summit sponsors:  Criteo, Google, PlaceIQ, AppNexus, Yahoo!, AOL, Davis & Gilbert LLP, DataXu, Engine Media, Zwillgen and Keller and Heckman LLP.  We could not have had a successful event without the support of these sponsors.  Thank you!

NAI member companies are committed to meaningful and responsible consumer privacy for the digital advertising ecosystem. It’s a significant and important mission, and one I take very seriously. The NAI Summit always provides an opportunity to reflect on where this commitment has taken us and where we still need to go, and allows all of us to renew our commitment to providing real value to our members and to the digital advertising industry overall.

I want to thank our keynote speaker, FTC Commissioner Terrell McSweeny, who participated in a “fireside chat” with me.  It was an interesting discussion and I appreciate Commissioner McSweeny’s thoughts on what to expect with a new regulatory environment in DC.  I also appreciate her noting the importance of self-regulation: “Organizations like yours have a real role to play,” she said about NAI.  “You can keep pace with dynamic changes of technologies – it’s harder when reacting as an enforcement agency – we are looking at cases that happened one or two years later.  We are behind in marketplace (which is appropriate) while you are at the front of them.  We all want to give consumers meaningful choices so they trust the technology and buy it. If they don’t trust it they won’t buy it.”

Here are a few of my takeaways from the 2016 NAI Summit:

First, and most importantly, NAI and its member companies have shown that self-regulation works, but we must constantly keep evolving to keep up with emerging technologies.  New technologies continue to change the game, pushing NAI to stay ahead of the curve and help our members innovative with privacy in mind – and by design. Just last month, we released new choice tools in collaboration with the Digital Advertising Alliance – the DAA.  These tools were the first to offer a technology-based opt-out for both cookie-based and non-cookie technologies.  This week we released Cross-Device Linking Guidance for NAI Members. This is the type of ongoing collaboration and interaction with our members that makes us unique and ensures that our Code remains principled and inclusive of new technology.

The EU’s GDRP is coming and now is the time for all of us to prepare our companies and engage with European regulators. There was an important panel discussion led by NAI outside Counsel Sheila Millar about “Data Definitions across the World.”  Panelists, including Matthias Mattheisen, Senior Manager, Privacy & Public Policy, IAB Europe; Oliver Gray, Director-General, European Interactive Digital Adverting Alliance; Mike Hintze, Partner at Hintze Law; and, Estelle Werth, Vice President and Global Privacy Officer at Criteo, discussed the challenges that our industry is facing with the different definitions of personal identifiable information (PII) in Europe, the U.S. and other countries.  Mattheisen and Gray discussed the European Union’s General Data Protection Plan (GDPR) and its expanded definition of PII.  All companies must be in full compliance with the GDPR roughly one year from now (May 25, 2018), and panelists urged companies to remain engaged with European regulators on these issues.  I’ve already travelled to Europe several times this year and intend to continue to meet with European regulators and industry leaders to discuss our self-regulation efforts, specifically NAI’s robust compliance and enforcement efforts and our commitment to serious and responsible privacy practices.

The regulatory push from Washington may be slowing down, but the pace from federal and state state legislatures is speeding up.  I participated on a panel on the “Washington Regulatory and Legislative Environment” moderated by WilmerHale Partner Reed Freeman.  Other panelists included Gina Woodworth, Vice President at the Internet Association; DMA Senior Vice President Emmett O’Keefe; and, Noga Rosenthal, Chief Privacy Officer at Epsilon.  My takeaway was that the Trump administration is still working to fill many positions in the agencies, which makes it less likely that there will be much regulatory activity on our issues from DC in the near future.  While it at first appeared that Congress was unlikely to take action on privacy matters, as evidenced by the recent Congressional repeal of internet privacy regulations adopted by the Federal Communications Commission, we came back from the Summit to a House of Representatives bill that would impose FCC-type privacy requirements on edge companies (that’s you!) – more to come on that from me soon.  In addition, state legislatures (and even cities) are taking a much more active role.  Privacy bills have been introduced in several states, including Illinois, Vermont and Washington.  These bills often have unclear and/or broad definitions of the companies they impact, and have potentially troublesome effects on our industry.  NAI is actively working with other industry groups to explain our industry’s technology to policymakers and lawmakers, and ensure a balanced approach to regulation and legislation.

The News on Fake News: More Challenges Ahead.  I moderated a fascinating panel discussion on the “Implications of the Fake News Phenomenon on Digital Ad Companies.” I’m proud to say that I am fairly certain that this was the first all-female panel ever at an NAI summit.  I was joined by Ghita Harris-Newton, Chief Privacy Officer & Deputy General Counsel at Quantcast; Adroll General Counsel Stephanie King; Alice Lincoln, Vice President at MediaMath and Shelly Paioff, VP, Legal Affairs at Taboola. We defined “fake news” as information that is intentionally deceptive; however, panelists acknowledged that satire is a bit of a grey area.  While brands such as The Onion makes it obvious that the “news” it is sharing is satire, this sometimes gets lost when headlines are reposted on social media platforms. Panelists stated that, as ad tech companies, we all have an interest in making our advertisers happy.  One doesn’t need to make a moralistic or political judment about news sites.  The industry consensus is to build safe spaces for our advertisers and support our clients’ needs.  Unfortunately, the growing use of fake news will continue to create challenges for our industry, and it’s up to us to educate consumers about what is fake news and to develop industry best practices that could open the door for more transparency.

The ad tech industry needs to be smart about smart TVs.  NAI Board member Allan Chapell led a discussion about “Privacy Implications of Technology Innovations.” The discussion focuses on the growing popularity of Smart TVs and the new technologies that are being introduced that could fundamentally change TV viewing in the future but also create privacy concerns.  Panelists included Lucid Privacy Group Founder Colin O’Malley; SambaTV CEO Ashwin Navin; and, Mark Partin, Managing Counsel at Oracle.  Televisions have been the one screen that has been slow to join the cross-device advertising space.  The industry needs to be sensitive to the fact that consumers will need to be educated on the value exchange of a better television watching experience in return for sharing data.  This nascent industry is about to take off and there may be a role for self-regulatory organizations like NAI to help create the “rule of the road” for this exciting new technology.

Finally, my bonus takeaway is this: the NAI has a great staff that makes everything we do possible.  I want to thank Anthony Matyjaszewski, Julie Karasik, William Lee, Grant Nelson and Matt Nichols for their hard work in creating and organizing our most interesting and informative summit yet! 

We have a lot of work to do!  The Summit, as with every opportunity we have to interact with the incredible talent our member companies employ, left us energized and excited about the future.

 

We want your insights.  Share your Summit takeaways with us on Twitter using #NAISummit or post them on our Facebook page.  Or send me an email at leigh@networkadvertising.org.  We want to hear from you! 

Read more

NAI Releases New Cross-Device Guidance
Submitted by Anthony Matyjas... on May 22, 2017

The NAI is pleased to announce our newly finalized Guidance for NAI Members: Cross-Device Linking (Guidance)The Guidance was formally released to the NAI membership on May 22, 2017 and goes into effect on June 19, 2017 after a brief implementation period.

What to Know Now

The Guidance formally brings the linking of devices for ad targeting purposes under the scope of the NAI’s compliance and enforcement efforts. It applies the principles of the NAI Codes, including the NAI’s well-known high standards for notice and choice to the linking of devices in the digital advertising space. The NAI Cross-Device Guidance is consistent with the cross-device requirements of the Digital Advertising Alliance (DAA).

How Cross-Device Advertising Works

To make advertising more effective, Internet advertisers try to present consumers with ads that are relevant and useful.  In order to accomplish this, third parties like NAI member advertising technology companies and digital advertisers collect information across some of the sites consumers visit and apps they use.  [It is important to remember that the information collected is not personally identifiable, such as a name or social security number.  Rather, the information typically includes inferences about consumer interests and demographics.]  Then, the collected information is linked to a consumer’s browser or mobile device so that the best, most interesting ads can be served.

This system, developed over the past twenty years, is keeping pace with today’s digital environment.  Consumers are increasingly accessing the Internet through many different browsers and applications across many different devices.  When people use smartphones, laptops, and tablets, third-party digital advertising companies like NAI members may try to link those devices or browsers in order to better serve targeted ads

For example, an advertiser may seek to display an ad campaign for a product on a user’s laptop browser and again in the same user’s smartphone application. Similarly, an advertiser may be able to attribute a purchase made on a laptop to an ad initially seen on a smartphone as a measure of the effectiveness of an ad campaign.

Self-Regulation’s Role

While technology changes, the NAI’s commitment to strong self-regulation remains steadfast.  The new Guidance spells out that the Codes now apply to members who are engaged in cross-device linking for digital advertising.  With the Guidance in place, consumers can expect the same high level of respect for privacy that has come to be synonymous with membership in the NAI.  In complying with the Guidance, NAI members will provide clear notice of cross-device activity and respect consumer choices.

What to Watch for

Look for a member webinar to be scheduled in the coming weeks to discuss the Guidance. NAI staff will also be available via email or telephone to answer questions or address concerns from NAI members.

Read more

Member ViewPoint

Key NAI Resources

Archives