Feeds

Industry’s behavioural ad guidelines criticised

Six months given to sort out privacy protection

5 things you didn’t know about cloud backup

The trade body for the online advertising industry has produced guidelines for companies to follow to ensure that behavioural advertising does not breach users' rights to privacy. Privacy activists have said the rules do not protect users enough.

The Internet Advertising Bureau (IAB) has published the guidelines and Google, Microsoft Advertising, Yahoo! SARL and Phorm have all committed to following them. The IAB said that signatories have six months in which to comply with the rules.

Behavioural advertising tracks users' online activity and can target adverts to users according to what websites they have visited. Even advertisers concede, though, that the benefit to them of more targeted advertising has to be balanced with the privacy rights of internet users.

"The Good Practice Principles set out commitments to transparency, user choice and education. The Principles complement current UK data protection laws with new practices relating to the collection and use of online data," said an IAB statement.

The guidelines have three principles. Firstly, advertisers or website operators must inform users that their data is being collected and used for advertising.

Secondly, users must have a choice about whether they receive the advertising or not. Thirdly, companies must clearly outline what they are doing and how users can opt out of it.

"These are significant developments in offering people greater transparency and choice regarding behavioural advertising," said Nick Stringer, head of regulatory affairs at the IAB.

Digital rights body the Open Rights Group (ORG) said, though, that the protections offered by the rules were not good enough for users of the web.

In a statement on the body’s blog, executive director Jim Killock said that the way that the rules say users should opt out of the system is a problem.

“The sites using behavioural advertising are likely to be operating via cookies. Any ‘opt out’ would be stored by a cookie. So each time a user deletes their cookies, or changes browser or machine, they have to opt out,” he said. “This makes opting out a repeated procedure, such that which would make all but the most stubborn user simply give their consent.”

“This is not how consent should work, and a system that ‘pesters’ users into opting in is in our view an illegitimate attempt to substitute acquiescence for consent, whereas nothing but consent is acceptable,” said Killock.

“If users want more relevant advertising, and this is to be achieved by allocating them to ‘segments‘, why not let them choose the segments they want to belong to? We do not accept the claim that behavioural surveillance for profiling is a service to users,” said Killock.

Google, amongst others, has backed the plan.

"Google believes in two core principles of transparency and choice when it comes to user privacy. That is why we are supportive of these new, self-regulatory principles for online advertising which will enable consumers to increase their understanding of their web surfing options," said Mark Howe, UK country sales director for Google.

The guidelines say that companies should give clear notice about data collection, and that any contracts they sign with other companies in relation to the collection should commit them to doing the same.

The guidelines say that information on how to decline behavioural advertising should be "prominently displayed and easily accessible" on web sites.

The rules forbid companies from using behavioural advertising specifically to target children younger than 13. They also say that companies should consider other areas or target groups sensitive and should avoid targeting them, but they do not issue any instructions on what those groups or areas might be and exactly what action signatories should take.

"There are valid privacy concerns about creating a segment for [behavioural advertising] in some areas because they could be considered sensitive in certain contexts," say the guidelines. "Individual members may therefore make different judgements in their respective approach but will be guided by the over-riding objective of maintaining user trust."

See: The guidelines (pdf)

Copyright © 2009, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
EE accused of silencing customer gripes on social media pages
Hello. HELLO. Can EVERYTHING EVERYWHERE HEAR ME?!
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
BT customers face broadband and landline price hikes
Poor punters won't be affected, telecoms giant claims
Broadband slow and expensive? Blame Telstra says CloudFlare
Won't peer, will gouge for Internet transit
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?