Many retailers engage in behavioral advertising, which refers to the use of information to predict the types of products or services of greatest interest to a particular consumer. Online behavioral advertising takes two forms. “First party” behavioral advertising refers to situations in which a website uses information that it obtains when interacting with a visitor. “Third party” behavioral advertising refers to situations in which a company permits others to place tracking cookies on the computers of people who visit the site, so that those individuals can be monitored across a behavioral advertising network.

Two self-regulatory associations – the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”) – have created standards for companies engaged in third-party online behavioral advertising. They recommend clear, meaningful and prominent disclosure on a retailer’s website that describes its data collection, transfer and use practices. With respect to third-party behavioral advertising, they recommend describing the types of data that are collected, explaining the purpose for which it is collected or will be transferred to third parties, and providing a prominent opt-out mechanism by which customers can opt out from being tracked.

In addition to the self-regulatory effort, California’s Online Privacy Protection Act went into effect on January 1, 2014, and could be interpreted as requiring retailers and other businesses to notify consumers in their website privacy policies if they permit third party behavioral advertising. The following provides a snapshot of information concerning behavioral advertising.

What to think about when evaluating your organization’s online behavioral advertising practices:

  1. Does your privacy policy comply with state law requirements concerning the disclosure of first party online behavioral advertising?
  2. Does your privacy policy comply with state law requirements concerning the disclosure of third party online behavioral advertising?
  3. Does your organization state or imply that it only permits behavioral advertisers to use its website if those advertisers utilize the opt-out mechanisms of NAI and/or DAA?
  4. If so, do all of the behavioral advertisers that you permit to use your website permit opt-out via the NAI and/or DAA mechanisms?
  5. Who within your organization has the authority to permit third parties to place cookies on your website?
  6. Has legal counsel reviewed the contracts with each behavioral advertiser with whom your organization has a relationship to verify that their privacy practices comply with law and with the standards of your organization?
  7. Have you audited the cookies that are placed, or tracked, on your website?
  8. Have you verified the accuracy of the description of behavioral advertising contained on your website?