Feeds

Online ad body: Let's slather 'opt out' icons everywhere

Cookie-sniffer info packages for the stalked masses

Secure remote control for conventional and virtual desktops

An advertising icon that explains to internet users about online behavioural advertising (OBA) should be displayed alongside almost every ad regardless of whether they themselves are targeted ads, an industry body has said.

Publishers and advertising networks use cookies to track user behaviour on websites in order to target adverts to individuals based on that behaviour. Under self-regulatory rules on OBA, companies are required to post an interactive icon linking to information about the data collection and easy-to-use controls to opt out from being tracked.

However, Steve Sullivan, vice president of advertising technology at the Internet Advertising Bureau (IAB), said that there were "gaps" in how companies are implementing the code mostly due to "lingering confusion about when the advertising option icon should be included on an ad and the responsibility of each party involved in the buying, selling, and delivery of that ad". He said companies involved in the supply chain of online ads had to take individual responsibility to ensure the icon was displayed alongside "almost every ad".

"One of the OBA principals [sic] state that enhanced notice (via the icon that is often accompanied by the language Interest-Based Ads or AdChoices) must be served on or close to the ad when the ad is either behaviorally targeted or if data is being collected that could be used for future behavioral targeting," Sullivan said in an IAB blog.

"The responsibility to uphold this principle applies to every one of the parties involved in delivery of that ad: the advertiser, the agency ad server, the publisher ad server, and any ad network, exchange, DSP, or SSP," Sullivan said.

"It is safe to assume that every single one of these parties involved in delivering a campaign captures a cookie, an IP address, and a variety of other data points that could be used for future behavioral targeting. As such, it’s imperative that any likelihood of data being collected and used, whether before or after an ad is delivered, is clearly communicated to the consumer.

"So let’s be clear: We should expect to see an advertising option icon on almost every ad, even if that ad is not behaviorally targeted," he said.

Sullivan said that even if no data is collected in order to deliver ads the interactive icon should generally still be displayed. He said the situation was analogous to food packaging that often display information about what ingredients are not featured in the contents.

"It’s not enough to include the advertising option icon only when targeting is being used or cookies are being dropped. The ubiquitous presence of the advertising option icon will reassure consumers that, with one click, they can find the information they need about that ad and the industry players who served it, even if the message is, 'This ad was not targeted'," Sullivan said.

"There will be some exceptions to this general rule, most notably, pharmaceutical ads and certain rich media and video formats, where the industry is still navigating implementation challenges. It is also true that the OBA principles don’t specifically mandate the omnipresence of the advertising option icon, but if we can make it easier and clearer for the consumer to understand the choices they have and make a decision, we all win: consumer, publisher, and advertiser," he said

Last year the IAB Europe issued guidelines on what website operators signed up to the voluntary OBA framework should do to comply with the rules. Posting an interactive icon, complete with accompanying explanatory language, is just one of the rules set out in the code.

Users are able to manage information preferences or stop receiving behavioural advertising via pan-European website, www.youronlinechoices.eu. A user can click on the interactive icon to see the relevant information. The initiative is supported by many leading content providers, including the BBC, Financial Times and Telegraph Media Group, as well as AOL, Microsoft and Yahoo!

Operators must also give users access to any easy method for turning off cookie tracking on their site, and must make it known to users that they collect data on them for behavioural advertising, the regulations stipulate. Websites adhering to the regulations also have to publish details of how they collect and use data, including whether personal or sensitive personal data is involved. Details of which advertisers or groups of advertisers they make the data available to also have to be published.

The code has been criticised by EU privacy watchdog the Article 29 Working Party. The group has said that companies that observe the OBA code do not necessarily comply with EU law. The methods used for displaying information to users and allowing them to opt out of behavioural tracking are insufficient on their own to confer user consent to being tracked, the Working Party has said.

Under the EU's Privacy and Electronic Communications Directive storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing".

An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – so cookies can take a user from a product page to a checkout without the need for consent, for example.

The Directive takes its definition of 'consent' from EU data protection laws, which state that consent must be "freely given, specific and informed". The new laws were implemented into UK law in May. The amended Privacy and Electronic Communications Regulations state that website owners must obtain "informed consent" to tracking users through cookies.

The IAB has insisted that its OBA code was not designed to be compliant with the EU Directive but that it could be used alongside other methods in order to obtain consent.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Forget silly privacy worries - help biometrics firms make MILLIONS
Beancounter reckons dabs-scanning tech is the next big moneypit
Microsoft's Office Delve wants work to be more like being on Facebook
Office Graph, social features for Office 365 going public
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.