John Gamble
Marketing Manager | TRUSTe
@johnaddison
On Monday, the Digital Advertising Alliance (DAA) released new principles amending its Self-Regulatory Program for Online Behavioral Advertising (OBA). This move comes on the heels of criticism from consumer interests groups and the FTC, who have taken issue with data collection activities that persist despite consumer opt-outs. These new DAA “Self-Regulatory Principles for Multi-site Data” govern data collection and use that occurs outside of behavioral advertising activities. More specifically, they address “multi-site data”, which is data collected about a user over time and across non-affiliate websites. You should know these five things about the new principles:
1. You’ve got (some) time to comply
The DAA has announced that these new principles are “intended to be implemented in 2012”. No hard deadline has been set, but it’s reasonable to expect that they will begin enforcing them in early 2012 since they already have accountability mechanisms up and running.
2. You’ll need notice and choice for multi-site data collection
If you’re a third-party or service provider who collects or shares multi-site data for purposes other than OBA, then you too will need to offer consumers privacy notice and choice. Exceptions are made only when this data is used for systems management, market research, product development, or where it is de-identified.
3. You can’t collect or use multi-site data to make employment, health care, credit or insurance decisions
If you share multi-site data with a partner or third-party, however, and they use it to make such decisions you will not be held liable, provided you have a reasonable basis for believing they would not use the data in this way.Having trust in your data partners’ integrity will become increasingly important.
4. No opt-in consent? No health or financial data!
Financial account numbers, Social Security numbers, pharmaceutical prescriptions and medical records will be specifically off-limits to third parties or services providers collecting multi-site data, unless consumers have explicitly okayed such collection or use via opt-in mechanisms.
5. This is bigger than behavioral advertising
The DAA may operate the Self-Regulatory Program for Online Behavioral Advertising, but these new principles demonstrate that traditional behavioral advertising is just the first stop on the road to successful self-regulation. Putting icons and opt-out choices in billions of online ads is not the final endgame for the industry; companies will need to leverage more comprehensive, higher-level privacy solutions that address everything from “personalization” to “data leakage”.
