On December 8, 2011, the European Union’s Article 29 Working Party issued Working Paper 188 entitled “Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising” (“WP 188”). WP 188 addresses the online behavioral advertising guidance (the “EASA/IAB Code” or the “Code”) issued by the European Advertising Standards Alliance (“EASA”) and the Internet Advertising Bureau Europe (“IAB”), which was adopted by those organizations in April 2011. WP 188 details the Article 29 Working Party’s concerns with the EASA/IAB Code, including the fact that compliance with the Code does not achieve compliance with the 2009 Directive 2009/136/EC which revised the 2002 e-Privacy Directive (“Revised e-Privacy Directive”).
The European Union follows seven principles for privacy protection, namely: notice, purpose, consent, security, disclosure, access, and accountability. WP 188 principally addresses the Code’s approach to the principles of notice and consent. First, as to notice, WP 188 remarks that the Code’s recommendation is to place an icon on a website which indicates where the user can go to opt-out of tracking. WP 188 states that the icon is insufficient because: users do not recognize the icon’s purpose, the icons are not clearly marked to convey the purpose of the icon, and the icon does not provide complete information regarding tracking. For these reasons, the Code’s icon approach is not sufficient to give the user notice of tracking under the Revised e-Privacy Directive. Second, as to choice, WP 188 notes that the standard for tracking is informed consent, and the Code’s requirement to opt-out of tracking is not consistent with the Revised e-Privacy Directive. WP 188 notes that an opt-in option would be more consistent with the requirements of the Revised e-Privacy Directive.
Aside from these two major complaints about the Code, WP 188 also notes that: the 12-year-old threshold for processing of children’s data is appropriate but not based in a legal standard, the Code must recognize that it is national regulators who are responsible for assessing legal compliance with the privacy requirements, and the Code must specify the amount of data collected by the tracking and the specific purposes of the tracking. Last, WP 188 seeks to clarify that, while the information obtained in tracking qualifies as personal data, consent is not required for every type of cookie. WP 188 recognizes that a site need not obtain informed consent to track a user if the tracking is necessary to carry out a transmission or if the tracking is strictly necessary in order to provide a service. For those sites that do require informed consent, WP 188 recommends various ways to collect the consent aside from placing a pop-up screen on the site.
While the European Union follows seven principles for privacy protection, the Federal Trade Commission (“FTC”) announced four principles in its 2009 report entitled “Self-Regulatory Principles for Online Behavioral Advertising” (the “Self-Regulatory Principles”). The Self-Regulatory Principles include four governing concepts: (1) transparency and control, meaning that companies should provide meaningful disclosures to users about their choices with regard to the receipt of behavioral advertising; (2) reasonable security and limited data retention, meaning that companies should provide reasonable security measures so that behavioral data which is collected is secure; (3) material changes to privacy policies, meaning that before a company uses behavioral data in a way that is inconsistent with its privacy policy at the time the data was collected, that company should secure affirmative express consent from the user before collecting any additional data; and (4) companies must receive opt-in consent before the receipt of sensitive data, which includes but is not limited to financial information, information about children, health information and social security numbers.
Although the specific approaches to online behavioral advertising vary between the European Union and the United States, both share the view that, although tracking is an important online tool for behavioral advertisers, protecting the privacy of users is the top priority.
