Feeds

Online ad body: Let's slather 'opt out' icons everywhere

Cookie-sniffer info packages for the stalked masses

Providing a secure and efficient Helpdesk

An advertising icon that explains to internet users about online behavioural advertising (OBA) should be displayed alongside almost every ad regardless of whether they themselves are targeted ads, an industry body has said.

Publishers and advertising networks use cookies to track user behaviour on websites in order to target adverts to individuals based on that behaviour. Under self-regulatory rules on OBA, companies are required to post an interactive icon linking to information about the data collection and easy-to-use controls to opt out from being tracked.

However, Steve Sullivan, vice president of advertising technology at the Internet Advertising Bureau (IAB), said that there were "gaps" in how companies are implementing the code mostly due to "lingering confusion about when the advertising option icon should be included on an ad and the responsibility of each party involved in the buying, selling, and delivery of that ad". He said companies involved in the supply chain of online ads had to take individual responsibility to ensure the icon was displayed alongside "almost every ad".

"One of the OBA principals [sic] state that enhanced notice (via the icon that is often accompanied by the language Interest-Based Ads or AdChoices) must be served on or close to the ad when the ad is either behaviorally targeted or if data is being collected that could be used for future behavioral targeting," Sullivan said in an IAB blog.

"The responsibility to uphold this principle applies to every one of the parties involved in delivery of that ad: the advertiser, the agency ad server, the publisher ad server, and any ad network, exchange, DSP, or SSP," Sullivan said.

"It is safe to assume that every single one of these parties involved in delivering a campaign captures a cookie, an IP address, and a variety of other data points that could be used for future behavioral targeting. As such, it’s imperative that any likelihood of data being collected and used, whether before or after an ad is delivered, is clearly communicated to the consumer.

"So let’s be clear: We should expect to see an advertising option icon on almost every ad, even if that ad is not behaviorally targeted," he said.

Sullivan said that even if no data is collected in order to deliver ads the interactive icon should generally still be displayed. He said the situation was analogous to food packaging that often display information about what ingredients are not featured in the contents.

"It’s not enough to include the advertising option icon only when targeting is being used or cookies are being dropped. The ubiquitous presence of the advertising option icon will reassure consumers that, with one click, they can find the information they need about that ad and the industry players who served it, even if the message is, 'This ad was not targeted'," Sullivan said.

"There will be some exceptions to this general rule, most notably, pharmaceutical ads and certain rich media and video formats, where the industry is still navigating implementation challenges. It is also true that the OBA principles don’t specifically mandate the omnipresence of the advertising option icon, but if we can make it easier and clearer for the consumer to understand the choices they have and make a decision, we all win: consumer, publisher, and advertiser," he said

Last year the IAB Europe issued guidelines on what website operators signed up to the voluntary OBA framework should do to comply with the rules. Posting an interactive icon, complete with accompanying explanatory language, is just one of the rules set out in the code.

Users are able to manage information preferences or stop receiving behavioural advertising via pan-European website, www.youronlinechoices.eu. A user can click on the interactive icon to see the relevant information. The initiative is supported by many leading content providers, including the BBC, Financial Times and Telegraph Media Group, as well as AOL, Microsoft and Yahoo!

Operators must also give users access to any easy method for turning off cookie tracking on their site, and must make it known to users that they collect data on them for behavioural advertising, the regulations stipulate. Websites adhering to the regulations also have to publish details of how they collect and use data, including whether personal or sensitive personal data is involved. Details of which advertisers or groups of advertisers they make the data available to also have to be published.

The code has been criticised by EU privacy watchdog the Article 29 Working Party. The group has said that companies that observe the OBA code do not necessarily comply with EU law. The methods used for displaying information to users and allowing them to opt out of behavioural tracking are insufficient on their own to confer user consent to being tracked, the Working Party has said.

Under the EU's Privacy and Electronic Communications Directive storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing".

An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – so cookies can take a user from a product page to a checkout without the need for consent, for example.

The Directive takes its definition of 'consent' from EU data protection laws, which state that consent must be "freely given, specific and informed". The new laws were implemented into UK law in May. The amended Privacy and Electronic Communications Regulations state that website owners must obtain "informed consent" to tracking users through cookies.

The IAB has insisted that its OBA code was not designed to be compliant with the EU Directive but that it could be used alongside other methods in order to obtain consent.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.