The IAB Europe, the European trade association for the online advertising industry, has today published a new self-regulatory framework for providers of online behavioural advertising ("OBA") in
The IAB Europe, the European trade association for the online advertising industry, has today published a new self-regulatory framework for providers of online behavioural advertising ("OBA") in Europe (see http://goo.gl/lC1QK).
The European framework builds on the Good Practice Principles previously adopted by the UK arm of the IAB back in 2009, and is closely modelled on the similar self-regulatory framework adopted by the Interactive Advertising Bureau in the US. Unlike the previous UK Good Practice Principles, however, it specifically carves out first party adverts from its scope (i.e. targeted advertising served across one or more websites controlled by a single entity or group of affiliated entities). This is a significant carve-out when considering how diverse group company businesses can be. Imagine, for example, a group that owns separate news, social networking, and gaming businesses through its different subsidiaries - would an individual visiting the website of any one of those businesses realise that his or her browsing data may be shared across the entire group and used for targeting on other, seemingly unrelated, group sites?
This aside, the framework includes some commendable provisions aimed at enhancing user notice and choice. Most importantly, it promotes the use of a standardised 'icon' to be displayed on or around targeted adverts to let individuals know when they are being targeted. Crucially, the IAB Europe has chosen to adopt the same "advertising option icon" used by the Digital Advertising Alliance in the US for this purpose (www.aboutads.info). This is a significant step forward in ensuring transatlantic consumer transparency that will help make individuals aware when they are being targeted, regardless of whether the website they are visiting is in the EU or the US.
Companies that comply with the framework will be awarded a B2B seal (essentially, a trust mark) that they can display on their sites to advertise compliance. This will be removed in the event that the company commits a 'significant' breach of its obligations that it fails to remedy. The intention is that the threat of removal of this trust mark will be sufficient to enforce compliance. This is perhaps more doubtful - determinedly non-compliant businesses that display targeted advertising to individuals without providing proper notice and choice are hardly likely to concern themselves with whether or not they can display a trust mark. That said, if the mark gains sufficient traction to be a positive selling point for compliant businesses, then maybe over time it will become sufficiently attractive to engender a compliance culture.
The timing of the publication of these self-regulatory guidelines is, of course, interesting. May 25th, the deadline for new cookie consent rules, looms large and this self-regulatory guidance undoubtedly has as its aim a desire to encourage a more business-friendly implementation of the e-Privacy Directive Article 5(3) cookie consent requirements. Given that most Member States still appear to be struggling with how they will implement the new cookie consent rule, and that concerns about cookie usage principally centre on user profiling issues, it may well be that this new guidance will serve as a 'stitch in time'. We can only wait and see.
The European framework builds on the Good Practice Principles previously adopted by the UK arm of the IAB back in 2009, and is closely modelled on the similar self-regulatory framework adopted by the Interactive Advertising Bureau in the US. Unlike the previous UK Good Practice Principles, however, it specifically carves out first party adverts from its scope (i.e. targeted advertising served across one or more websites controlled by a single entity or group of affiliated entities). This is a significant carve-out when considering how diverse group company businesses can be. Imagine, for example, a group that owns separate news, social networking, and gaming businesses through its different subsidiaries - would an individual visiting the website of any one of those businesses realise that his or her browsing data may be shared across the entire group and used for targeting on other, seemingly unrelated, group sites?
This aside, the framework includes some commendable provisions aimed at enhancing user notice and choice. Most importantly, it promotes the use of a standardised 'icon' to be displayed on or around targeted adverts to let individuals know when they are being targeted. Crucially, the IAB Europe has chosen to adopt the same "advertising option icon" used by the Digital Advertising Alliance in the US for this purpose (www.aboutads.info). This is a significant step forward in ensuring transatlantic consumer transparency that will help make individuals aware when they are being targeted, regardless of whether the website they are visiting is in the EU or the US.
Companies that comply with the framework will be awarded a B2B seal (essentially, a trust mark) that they can display on their sites to advertise compliance. This will be removed in the event that the company commits a 'significant' breach of its obligations that it fails to remedy. The intention is that the threat of removal of this trust mark will be sufficient to enforce compliance. This is perhaps more doubtful - determinedly non-compliant businesses that display targeted advertising to individuals without providing proper notice and choice are hardly likely to concern themselves with whether or not they can display a trust mark. That said, if the mark gains sufficient traction to be a positive selling point for compliant businesses, then maybe over time it will become sufficiently attractive to engender a compliance culture.
The timing of the publication of these self-regulatory guidelines is, of course, interesting. May 25th, the deadline for new cookie consent rules, looms large and this self-regulatory guidance undoubtedly has as its aim a desire to encourage a more business-friendly implementation of the e-Privacy Directive Article 5(3) cookie consent requirements. Given that most Member States still appear to be struggling with how they will implement the new cookie consent rule, and that concerns about cookie usage principally centre on user profiling issues, it may well be that this new guidance will serve as a 'stitch in time'. We can only wait and see.