Marking its 89th decision, the Online Interest-Based Advertising Accountability Program released two decisions addressing the issue of transparency.
According to the self-regulatory body, both Purple Innovation LLC’s and x19 Limited’s online consumer advertising required more transparency to achieve compliance with the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles.
To fully comply, a website operator that allows third parties to collect visitors’ web browsing data for interest-based advertising (IBA) must comply with the enhanced notice requirement of the DAA Principles, the Accountability Program explained. Specifically, first parties must post a clear, meaningful and prominent link to a disclosure on any web page through which IBA data is collected. This disclosure must explain the IBA activity that occurs on the first party’s site, provide consumers with a means to opt out of IBA and state the website’s adherence to the DAA Principles.
In the case of Purple Innovation, a consumer complained that the online mattress retailer failed to provide the requisite notice. Unable to find the enhanced notice link or disclosure of third-party IBA activity, the Accountability Program sent an inquiry letter to Purple Innovation.
“These changes brought Purple into full compliance with the DAA Principles,” according to the decision.
United Kingdom-based company x19, which offers a URL shortening service known as Adf.ly, faced a similar inquiry from the Accountability Program. In 2014, the self-regulatory body released a compliance warning regarding non-cookie identification technologies (such as statistical identification techniques, canvas fingerprinting or font enumeration) that are used alongside or instead of traditional cookies to identify users as they browse the Internet. The warning reminded companies that the DAA Principles apply equally to whatever methods are used to facilitate IBA.
The Accountability Program then conducted a systematic review of the technology and encountered Adf.ly during a survey of websites using what appeared to be canvas fingerprinting on third-party websites. In addition, a review of Adf.ly’s own website revealed it lacked IBA disclosures with regard to third parties, a compliant opt-out mechanism from IBA activity and a statement of adherence to the DAA Principles.
In response, Adf.ly told the self-regulatory body that it did not engage in canvas fingerprinting for IBA purposes (instead using the technology for fraud prevention). Finding “no reason to question this assertion,” the Accountability Program determined the company was in compliance with regard to third-party duties.
Why it matters: “It is vital that consumers be given up-front notice of this background data collection for IBA,” Jon Brescia, director of adjudications and technology for the Accountability Program, said in a statement. “We take this opportunity to again entreat website owners and operators to ensure that consumers are given the notice and choice owed them under the DAA Principles.”