TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | With CFPB Referral, Is OBA Self-Regulation Growing Teeth? Related reading: Top takeaways from the draft American Privacy Rights Act



In a first-of-its-kind move, the Online Interest-Based Advertising Accountability Program has referred SunTrust Bank to the Consumer Financial Protection Bureau (CFPB) for refusing to participate in the advertising industry’s self-regulatory process.

The accountability program had sent a letter to SunTrust inquiring about how it was using third parties to collect users’ web-browsing habits. According to a Council of Better Business Bureau press release, the accountability program observed “what appeared to be third parties known to be engaged in collecting consumers’ web-browsing activity in order to serve them interest-based ads.” Additionally, the program inquiry sought the bank’s help in determining whether consumers received real-time notice of the online behavioral advertising activities.

SunTrust, according to the report, declined to cooperate with the self-regulatory body.

“Our institution,” SunTrust wrote, “is monitored by a sizeable number of both federal and state agencies and is subject to regulatory exams and reviews on an ongoing basis. Complying with these demands consumes all of our allocated resources.”

“Today marks the 33rd public compliance announcement to date,” Digital Advertising Alliance (DAA) Executive Director Lou Mastria, CIPP/US, told The Privacy Advisor, adding, “and the first requiring the extraordinary step of referral to a federal authority.”

The DAA, along with the American Association of Advertising Agencies (4As), the American Advertising Association, the Direct Marketing Association, the Interactive Advertising Bureau and the Network Advertising Initiative, among others helped develop the Self-Regulatory Principles for Online Behavioral Advertising. Their goal is to “provide a new level of transparency and consumer control, including real-time, ‘enhanced’ notice whenever a third party is collecting a consumer’s browsing activity from different websites and using that data to serve the consumer interest-based ads.”

Mastria said, “The goal of DAA is always compliance, as it has been in 32 prior decisions. But in those uncommon cases where there appears to be a choice to not comply, we reserve the right to refer such companies to appropriate authorities.”

In this case, SunTrust has been referred to the CFPB, which is still relatively new to the regulatory scene. Though, at the time of this article going to press, the CFPB could not yet comment on the case, its website says, as part of its “Core Functions,” it can protect consumers by restricting “unfair, deceptive or abusive acts or practices.”

Though it remains to be seen what the CFPB will do in this case, it’s clear that the DAA is aiming to make a case that self-regulation can have teeth.

Mastria summed it up this way: “This robust oversight of the interest-based advertising marketplace should reaffirm the belief that self-regulation can and does work to address privacy concerns.”


If you want to comment on this post, you need to login.