Feeds

Industry’s behavioural ad guidelines criticised

Six months given to sort out privacy protection

Next gen security for virtualised datacentres

The trade body for the online advertising industry has produced guidelines for companies to follow to ensure that behavioural advertising does not breach users' rights to privacy. Privacy activists have said the rules do not protect users enough.

The Internet Advertising Bureau (IAB) has published the guidelines and Google, Microsoft Advertising, Yahoo! SARL and Phorm have all committed to following them. The IAB said that signatories have six months in which to comply with the rules.

Behavioural advertising tracks users' online activity and can target adverts to users according to what websites they have visited. Even advertisers concede, though, that the benefit to them of more targeted advertising has to be balanced with the privacy rights of internet users.

"The Good Practice Principles set out commitments to transparency, user choice and education. The Principles complement current UK data protection laws with new practices relating to the collection and use of online data," said an IAB statement.

The guidelines have three principles. Firstly, advertisers or website operators must inform users that their data is being collected and used for advertising.

Secondly, users must have a choice about whether they receive the advertising or not. Thirdly, companies must clearly outline what they are doing and how users can opt out of it.

"These are significant developments in offering people greater transparency and choice regarding behavioural advertising," said Nick Stringer, head of regulatory affairs at the IAB.

Digital rights body the Open Rights Group (ORG) said, though, that the protections offered by the rules were not good enough for users of the web.

In a statement on the body’s blog, executive director Jim Killock said that the way that the rules say users should opt out of the system is a problem.

“The sites using behavioural advertising are likely to be operating via cookies. Any ‘opt out’ would be stored by a cookie. So each time a user deletes their cookies, or changes browser or machine, they have to opt out,” he said. “This makes opting out a repeated procedure, such that which would make all but the most stubborn user simply give their consent.”

“This is not how consent should work, and a system that ‘pesters’ users into opting in is in our view an illegitimate attempt to substitute acquiescence for consent, whereas nothing but consent is acceptable,” said Killock.

“If users want more relevant advertising, and this is to be achieved by allocating them to ‘segments‘, why not let them choose the segments they want to belong to? We do not accept the claim that behavioural surveillance for profiling is a service to users,” said Killock.

Google, amongst others, has backed the plan.

"Google believes in two core principles of transparency and choice when it comes to user privacy. That is why we are supportive of these new, self-regulatory principles for online advertising which will enable consumers to increase their understanding of their web surfing options," said Mark Howe, UK country sales director for Google.

The guidelines say that companies should give clear notice about data collection, and that any contracts they sign with other companies in relation to the collection should commit them to doing the same.

The guidelines say that information on how to decline behavioural advertising should be "prominently displayed and easily accessible" on web sites.

The rules forbid companies from using behavioural advertising specifically to target children younger than 13. They also say that companies should consider other areas or target groups sensitive and should avoid targeting them, but they do not issue any instructions on what those groups or areas might be and exactly what action signatories should take.

"There are valid privacy concerns about creating a segment for [behavioural advertising] in some areas because they could be considered sensitive in certain contexts," say the guidelines. "Individual members may therefore make different judgements in their respective approach but will be guided by the over-riding objective of maintaining user trust."

See: The guidelines (pdf)

Copyright © 2009, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The essential guide to IT transformation

More from The Register

next story
Déjà vu: Virgin Media jacks up broadband prices
Screw copper phone lines, we're UNIQUE, bleats telco
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
UK mobile coverage is BETTER than EVER, networks tell Ofcom
Regulator swallows this line and parrots it back out at us. What are they playing at?
What's the nature of your emergency, Vodafone?
Oh, you've dialled the wrong number for ad fibs, rules ASA
EE network whacked by 'PDP authentication failure' blunder
Carrier is 'aware' of cockup, working on a fix NOW
ROAD TRIP! An FCC road trip – Leahy demands net neutrality debate across US
You crashed watchdog's site, now time to crash its ears
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.