NAI Principles Likely to Defuse "Profiling" Concerns
The online profiling industry announced a series of self regulatory principles on July27 that were immediately applauded by both the Federal Trade Commission and the Department of Commerce. Although the announcement may quell some of the seemingly incessant controversy over the profiling aspects of privacy, the press, the U.S. Congress, various state officials, and even the Presidential candidates seem intent on keeping Web privacy on top of the U.S. policy agenda.
Under the auspices of the Network Advertising Initiative (NAI), online preference marketing companies reaffirmed their commitment to the "fair information principles" as interpreted by the Online Privacy Alliance and made several additional pledges designed to insure that Web users know about profiling and how to control their Web experience. The signers of the agreement presumably are subject to its terms under the FTC's authority to redress misrepresentations.
The agreement is designed to ensure that all companies that publish on the Web and use ad serving companies revise their own privacy policies to give Web users notice of profiling on their pages. Profiling companies must have all the promised disclosures on their own sites, and all Web publishes are to have notice of the profiling activity on their own sites and links to the profiling company sites.
Jodie Bernstein, Director of the FTC's Bureau of Consumer Protection, called the principles "valuable and constructive." Notwithstanding the principles, the FTC on the same day filed the second part of its privacy report to Congress reiterating its recommendation that Congress provide explicit additional privacy enforcement authority. By a vote of 4-1, the FTC said the additional authority was necessary to enforce the principles on companies not endorsing the NAI principles. Commissioner Orson Swindle dissented, saying such "backstop" legislative authority was "overly burdensome and unnecessary."
Norman Mineta, Secretary of Commerce, sounded even more supportive: "Once fully implemented, these principles will constitute an effective and meaningful self-regulatory approach ... [and] appropriate protection for the privacy of individuals' information." Indeed, adhering to the stance of his predecessor, Secretary Daley, Mineta declined to endorse further legislation: "Rather than calling now for legislation ... which as a practical matter could not be enacted this year, the Administration will review the success of the Principles over the next twelve months to see if in fact any gaps in coverage develop."
On July 26, Senators McCain, Kerry, Abraham and Boxer introduced a major bipartisan privacy bill and have announced plans for further hearings before Congress adjourns for the election. Still, most agree with the suggestion of Secretary Mineta that there is little chance for enactment of a comprehensive privacy bill this year.
As of the signing of the NAI principles, the NAI companies represented virtually all known third-party network advertising companies that serve commercial web sites. Network advertisers facilitate Web advertising through ad serving, hosting and ad sales services on the Web. For Web users, network advertisers provide ads targeted to the user's interest and control ad duplication. For Web advertisers, network advertisers provide cost-effective audience targeting. The NAI companies that signed the agreement are DoubleClick, Engage, 24/7 Media, AdForce, AdKnowledge, AvenueA, Burst!Media, L90, and the MatchLogic unit of Excite@Home.
According to the NAI principles, the network advertisers (and their Web publisher customers) will:
1. Adhere to the OPA privacy guidelines for personally identifiable information ("PII"),
2. Not use sensitive, personally-identifiable medical data, financial, sexual preference or behavior, nor social security numbers,
3. Not merge without prior affirmative consent ("opt-in") PII with information previously collected as non-PII,
4. Provide customers with "robust notice and choice" for merger of PII with non-PII collected on a going forward basis,
5. Not use PII consisting of PII collected off-line and merged with PII collected online unless the consumer has been given robust notice and choice about such merger before it occurs,
6. Require Web publishers with which they have contractual relationships to provide notice and choice regarding the collection of non-PII.