by Chris Hansen
VP of Performance Marketing, 360i
This week, the Network Advertising Initiative (NAI) released its 2008 NAI Principles. These principles are designed to provide member advertising networks, specifically those that offer behavioral targeting, a code of conduct for data collection and a set of rules regarding user privacy. The main goal of these guidelines is to create a unified set of best practices for the industry to follow as a means of self regulation and to stave off potential governmental legislation in this area.
So what impact do these principles have on the behavioral programs you may be running? Frankly, for most marketers, there will be no impact. Most large advertising networks, specifically those networks 360i works with, are already part of the NAI and have been working under similar guidelines. The NAI Principles are merely a formal declaration of the rules and best practices that the NAI and its member networks have followed for some time. If you are currently running a program using some form of behavioral targeting, including remarketing or re-targeting, and are working with a network that is part of the NAI, then you are in compliance with their guidelines and should feel comfortable that you are employing industry best practices.
Specifically, these networks will not and do not:
- Collect PII (or “Personally Identifiable Data”)
- Collect non-PII data without the ability to opt out of that data collection
- Collect sensitive information about a user, including specific financial and health-related info (e.g. account numbers)
- Use behavioral data to target children under 13 years of age
- Marry PII and non PII Data without explicit opt in consent
This last point is probably the one of most importance. Previously, there were no specific rules around marrying PII and non-PII data (including offline data). The NAI needed to add clarity to this practice since many networks are beginning to offer these services. An example of this in practice: A company that sells hats on their Web site and through their catalog has a prospect database built after many years of marketing to individuals, both online and off. This company wants to leverage that database by matching up its prospects to an ad network’s user base. The company’s database likely includes some personally identifiable data, such as a prospect’s name and email address. The ad network takes the prospect database and cookie data that it has collected and sends that off to a third party vendor. The third party matches the two data bases, anonymizes them, then sends the data back to the ad network for targeting. Those two distinct data sets are now matched, but all PII data has been stripped out by the third party.
If a network were to do this, they would need to insure the user had opted in for their PII data to be used this way at the time the data was collected. In this case, when the user provided their name and email address to the marketer.
All of this talk about privacy, tracking of user behavior, PII, non PII, etc. as it relates to a marketing plan is sure to make some people nervous. If there weren’t organizations establishing guidelines around these practices, there would be need for concern. But fortunately, the NAI, IAB and the DMA, as well as many networks, have all stepped up and are working together to establish behavioral targeting best practices that protect consumers, while also giving marketers the type of information they need to better target advertising and improve ROI. This type of introspection and self-regulation is good for everyone – our industry, marketers and especially consumers – and we applaud the NAI for establishing these guidelines.