For privacy professionals, staying on top of the accelerating news cycle can seem like a full-time job, given the flood of daily coverage around topics ranging from data breaches to policy debates, legislative proposals, and technological shifts.
One piece of recent news is worthy of some extra attention, however, as it highlights our industry’s success in building an effective and independently enforced self-regulatory framework for consumer privacy around interest-based advertising.
Last week, the Advertising Self-Regulatory Council of the Council of Better Business Bureaus announced the 100th public compliance action since it began serving as one of the two accountability partners for the Digital Advertising Alliance’s Self-Regulatory Principles eight years ago. (The DAA’s other accountability partner is the Data Marketing & Analytics division of the Association of National Advertisers.)
While impressive in the abstract, those 100 cases have also provided broad and tangible benefits for millions of consumers by raising compliance standards across the many digital services and platforms they use. The ASRC has also been a primary point of contact for referrals from consumers who have discovered potential violations of the DAA principles.
As IAPP members know, the DAA’s accountability partners serve a unique and critical role in its self-regulatory framework, ensuring the DAA principles are enforced through an independent process to monitor, investigate, review, and report findings around compliance. Because the DAA principles cover all companies engaged in digital advertising, regardless of whether they are DAA participants, that arms-length enforcement role guarantees that the compliance process is equitable, objective and transparent. This was a novel privacy tool when it launched. Today, it is a tested and proven approach to managing safeguards in dynamic marketplaces.
When necessary, those accountability partners can also refer noncompliant companies to the appropriate regulatory agencies, a step that happily has only been needed a handful of times, as 98% of companies reviewed by the ASRC voluntarily came into compliance once contacted and alerted to the issues that needed to be addressed.
Equally important, the ASRC and DMA work behind the scenes to provide compliance advice to hundreds of publishers, brands, agencies and ad tech companies so there is no need for remedial action. Those education efforts include webinars and industry events to help companies understand recent changes to the principles, as the DAA regularly updates its standards to account for new technologies, like multisite data, mobile, video and cross-device environments.
Along with the announcement of its 99th and 100th compliance actions, the ASRC also released a new report offering a retrospective analysis of all its past actions. The report highlights the broad range of issues addressed through compliance actions, including opt-outs, enhanced notice, precise location data, sensitive data, personal directory data and cross-device standards.
More than half the ASRC cases released to date (58%) focused at least in part on the importance of providing “enhanced notice” to consumers, while more than a third (38%) focused on the requirement to provide consumers with choice around IBA, and one in five (19%) involved mobile device enforcement.
Beyond the scope of issues, the compliance cases undertaken by the ASRC also spanned nearly every type of entity engaged in digital advertising, covering brands, agencies, publishers, ad tech companies and exchanges. Reviewed individually — or in aggregate — the cases show the importance of internal leaders in driving the adoption of best practices in every company. For privacy professionals, this highlights the importance of driving compliance with emerging business practices.
Furthermore, the report is replete with useful background and information for privacy professionals in the digital advertising space and well worth a review. In addition, the full list of actions taken by the ASRC provides a valuable resource for companies working to ensure their own compliance.
Working on the front lines of privacy can be often a thankless task, but the 100th compliance action is a milestone that demonstrates the power of effective self-regulation. Those cases also illustrate the real-world consumer benefits from a program that raises the bar on privacy by setting and enforcing consistent requirements for industry compliance.
We should all commend the ASRC, DMA and the hundreds of privacy professionals who have worked with them to build a track record of success in our industry’s efforts to set and enforce high standards around consumer privacy.
If you want to comment on this post, you need to login.