Feeds

Industry’s behavioural ad guidelines criticised

Six months given to sort out privacy protection

The Essential Guide to IT Transformation

The trade body for the online advertising industry has produced guidelines for companies to follow to ensure that behavioural advertising does not breach users' rights to privacy. Privacy activists have said the rules do not protect users enough.

The Internet Advertising Bureau (IAB) has published the guidelines and Google, Microsoft Advertising, Yahoo! SARL and Phorm have all committed to following them. The IAB said that signatories have six months in which to comply with the rules.

Behavioural advertising tracks users' online activity and can target adverts to users according to what websites they have visited. Even advertisers concede, though, that the benefit to them of more targeted advertising has to be balanced with the privacy rights of internet users.

"The Good Practice Principles set out commitments to transparency, user choice and education. The Principles complement current UK data protection laws with new practices relating to the collection and use of online data," said an IAB statement.

The guidelines have three principles. Firstly, advertisers or website operators must inform users that their data is being collected and used for advertising.

Secondly, users must have a choice about whether they receive the advertising or not. Thirdly, companies must clearly outline what they are doing and how users can opt out of it.

"These are significant developments in offering people greater transparency and choice regarding behavioural advertising," said Nick Stringer, head of regulatory affairs at the IAB.

Digital rights body the Open Rights Group (ORG) said, though, that the protections offered by the rules were not good enough for users of the web.

In a statement on the body’s blog, executive director Jim Killock said that the way that the rules say users should opt out of the system is a problem.

“The sites using behavioural advertising are likely to be operating via cookies. Any ‘opt out’ would be stored by a cookie. So each time a user deletes their cookies, or changes browser or machine, they have to opt out,” he said. “This makes opting out a repeated procedure, such that which would make all but the most stubborn user simply give their consent.”

“This is not how consent should work, and a system that ‘pesters’ users into opting in is in our view an illegitimate attempt to substitute acquiescence for consent, whereas nothing but consent is acceptable,” said Killock.

“If users want more relevant advertising, and this is to be achieved by allocating them to ‘segments‘, why not let them choose the segments they want to belong to? We do not accept the claim that behavioural surveillance for profiling is a service to users,” said Killock.

Google, amongst others, has backed the plan.

"Google believes in two core principles of transparency and choice when it comes to user privacy. That is why we are supportive of these new, self-regulatory principles for online advertising which will enable consumers to increase their understanding of their web surfing options," said Mark Howe, UK country sales director for Google.

The guidelines say that companies should give clear notice about data collection, and that any contracts they sign with other companies in relation to the collection should commit them to doing the same.

The guidelines say that information on how to decline behavioural advertising should be "prominently displayed and easily accessible" on web sites.

The rules forbid companies from using behavioural advertising specifically to target children younger than 13. They also say that companies should consider other areas or target groups sensitive and should avoid targeting them, but they do not issue any instructions on what those groups or areas might be and exactly what action signatories should take.

"There are valid privacy concerns about creating a segment for [behavioural advertising] in some areas because they could be considered sensitive in certain contexts," say the guidelines. "Individual members may therefore make different judgements in their respective approach but will be guided by the over-riding objective of maintaining user trust."

See: The guidelines (pdf)

Copyright © 2009, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The Essential Guide to IT Transformation

More from The Register

next story
Trying to sell your house? It'd better have KILLER mobile coverage
More NB than transport links to next-gen buyers - study
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Speak your brains on SIGNAL-FREE mobile comms
Readers chat to the pair who flog the tech
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.