Privacy and Advertising: Self-Regulation 101

Perfecting the Pitch—Solve Big Problems with Unique Solutions

Privacy and Advertising: Self-Regulation 101

A couple of months ago, we gave you five privacy tips relevant to startups and told you about the consequences startups face from regulators if they fail to protect their users’ privacy. Regulators like the Federal Trade Commission (FTC), the Federal Communications Commission (FCC), the Consumer Financial Protection Bureau (CFPB), state Attorneys General, and even the Securities and Exchange Commission (SEC) vigorously enforce privacy laws and are increasingly active when it comes to seeing that companies adequately protect consumer data, provide notice of their privacy practices to their users, and, where appropriate, offer meaningful choice with respect to data use and disclosure practices.

But when it comes to privacy, and particularly privacy concerns related to the collection of information for advertising purposes, there are more letters in the alphabet soup that startups need to consider—namely, the organizations in charge of “self-regulating” their industries. Here is a brief overview of the organizations you should know about (and consider joining) if your company is in the business of collecting data from consumers online or through mobile apps and using that information to inform advertising, or even if your company merely partners with companies that do so:

  • The Network Advertising Initiative (NAI) is composed entirely of advertising technology companies. Often referred to as the home of “third parties,” the NAI also includes as members household names like Google, Yahoo and AOL. The NAI has issued a Code of Conduct for online interest-based advertising as well as for mobile app tracking, and the NAI Code is considered by some to be the “gold standard” for demonstrating a commitment to privacy in the online advertising space. The NAI Code is enforced only against its members, so if you are not a member, it is not binding directly on you. But if you partner with any advertising technology companies, you may be contractually obligated to act in accordance with the NAI principles, so you should be familiar with what the NAI requires.
  • The Digital Advertising Alliance (DAA) is composed of seven participating organizations, including the NAI, the Interactive Advertising Bureau (IAB), the Direct Marketing Association (DMA) and others. Like the NAI, the DAA has issued principles governing the collection and use of data for online interest-based advertising and for mobile apps. Unlike the NAI Code, however, the DAA’s principles are directly binding on both “third parties” and “first parties” like website and app publishers and advertisers.
  • The Better Business Bureau (BBB) enforces the DAA’s principles (along with the DMA, with respect to DMA members). What is important to know is that the BBB enforces the DAA principles against all companies that engage in interest-based advertising or that allow other companies to collect data for interest-based ads on their sites or apps. So if you are allowing data collection by another company on your site or app, you are subject to a BBB enforcement action, including the publication of decisions and referrals to the FTC.
  • The Mobile Marketing Association (MMA) has issued a host of best practices governing mobile marketing, including the use of push notifications, location audience targeting, SMS marketing and more. These guidelines are not enforced, but they provide an excellent source for understanding best practices in the mobile ecosystem.