Privacy

NAI’s 2012 Compliance Report: A Good Year for Best Practices

Published: Feb. 26, 2013

Updated: Oct. 05, 2020

2012 was a year in which self-regulatory efforts and organizations became — as they continue to be — particularly relevant in the online data ecosystem. This month, the Network Advertising Initiative (known as the “NAI”) — among the most influential of these organizations — issued its 2012 Compliance Report chronicling its and its members’ self-regulatory efforts over the course of the past year.

The NAI “Code of Conduct” perhaps singularly reflects the numerous best practices that have developed over the past decade, governing how third party ad and data platforms should collect, use, share and disclose data sets.  The Code enforces transparency about “OBA” (online behavioral advertising)  practices, requires responsible data-sourcing, and strongly disincentivizes the collection of personally identifiable information (PII) — in particular, the merger of PII with OBA data.  NAI member companies  – there are now 99 — must undergo an often extensive audit prior to membership, as well as annual follow-up audits.

In its Compliance Report, the NAI noted that it reviewed 76 of its members’ practices to evaluate compliance with the Code — a process that included over 100 interviews, including with senior management, and a review of thousands of documents.  It found widespread compliance, and found that many companies had created process and design-oriented features to avoid collecting PII.  The NAI also reported that its own website — newly revamped for greater transparency– received more than 10 million visits.

Among the NAI’s particular enforcement initiatives in 2012 were:

  1. Vigorous enforcement of its health transparency policy — requiring member companies to post information about standard health-related segments they work with;
  2. Working with NAI members to implement the ad industry’s “Ad Choices” icon — serving the icon “trillions of times per month” ;
  3. Continuously testing members’ opt-out channels — the NAI runs automated tests multiple times a day —  and resolving every glitch within 24 hours;
  4. Confirming that no members were using history sniffing, “flash” cookies, or similar technologies that have been labeled as controversial;
  5. On the enforcement side, the NAI received 37 reports suggesting “potential material non-compliance with the NAI Code.”  In 29 of these cases, no actual violations were found, and in the remaining 8, any potential violations were promptly resolved.

What’s next?  The NAI reported that its major objectives for 2013 are to update its Code of Conduct (which was last updated in 2008) and in particular, to create best practices around mobile ads, and focus on non-cookie based methods and channels of targeting behavioral data.

The NAI is a somewhat unique organization:  it conducts deep investigations and audits into members and aspiring members, and NAI membership holds significance for many advertisers and marketers who — often deeply protective of their brands — seek to partner with privacy-conscious platforms.  Membership in the NAI signifies that a company has run a gauntlet of sorts:  as the Report notes, “many companies must implement significant revisions to their privacy disclosures” to gain membership and it is not unusual for companies to alter or eliminate their business practices to become NAI members.

ZwillGen (and the author) regularly works with companies seeking to gain admission into the NAI — both consulting on privacy practices and helping them manage the investigation and admission process itself.  Please contact the author or our other attorneys to learn more about the NAI and how its Code and best practices can affect and advance your business objectives.