OBA â your questions answered

Online behavioural advertising (OBA) – the displaying advertisements on a website based on a person’s browsing activity – is a major part of the current data privacy debate. A new industry-wide best practice recommendation will require organisations to give people the option to opt out of OBA cookies, tracking their behaviour. What does this mean for your business? Read on and find out.

What does my company need to do if we use OBA?
In response to concerns about e-privacy, the industry has developed a signatory code called the “EU Framework” for ad networks and others technology companies that drop cookies for purposes of targeting consumers through OBA and retargeting. This puts in place mechanisms to provide enhanced notice to users, similar to the programme already in operation in the US.

These mechanisms include an icon on or near an advertisement, which provides a link to a website – Your Online Choices, giving the user information and the opportunity to opt out of OBA cookies tracking their behaviour. Full details, including which organisations are participating, are available here.

Who has to provide the icon?
“Networks” (third-party “network” businesses or technology companies) that place cookies on others’ websites on behalf of their advertiser clients, will be required to provide the icon.

This doesn’t apply to first-party cookies that website owners place on their own site. Publishers may choose to provide an icon (eg alongside their privacy policy) but this is only optional.

What do I have to do?
Networks and other technology platforms should sign the EU Framework. They should seek to use the icon which, although currently only available via the US Digital Advertising Alliance (DAA), should be available by spring 2012 from a European DAA (EDAA). Networks must ensure that they have the technological and operational systems in place to comply with the requirements of the Framework.

How will compliance be ensured?
As part of the Framework, networks will be subject to a pan-European audit and ongoing monitoring to ensure that they are following the rules. If the audit shows the company is compliant, it will receive a trading “seal”, a symbol of trust to the market and the public. The seal also acts as an incentive for businesses to commit to the EU Framework’s obligations.

Should a company fail to comply and/or not remedy a significant breach of its obligations within a limited timeframe, it will be legally obliged to remove the seal.

How much will it cost?
The EDAA will establish the costs for the icon and auditing. But, as a comparison, the licence for the US icon costs networks $5,000 a year, although this is discounted for smaller operators. UK trade associations are working to provide information on costs from the EDAA.

What about the e-privacy (‘cookie’) law?
This is part of a package of solutions (including browser controls and education initiatives) that can help achieve compliance with the Directive. The Framework only applies to cookies placed via third-party websites used for the purpose of targeted advertising.

The Directive requires informed consent for the use of all cookies (unless they are strictly necessary), so it is important that companies ensure they understand what cookies they are using, the necessity of their purpose, and set about to ensure that their use is transparent. Companies should take their own legal advice in considering compliance with the Directive.

What happens if users complain?
The icon and website should address most consumer concerns. However, from summer 2012, the intention is that the ASA could investigate consumer complaints relating to OBA, if necessary. The ASA would also provide consumers with information about OBA and the opt-out mechanisms that are available. The CAP (Advertising) Code rules will mirror the requirements of the EU Framework.

As all networks are encouraged to sign the Framework, it is expected that the online tools and technical infrastructure it provides will ensure that networks are compliant with the Codes, and so complaints to the ASA are expected to be very low. However, if Networks fail to provide the required notice and control tools, then they could be subject to an ASA investigation and, ultimately, the array of sanctions that the ASA is able to use.

William Blomefield, Regulatory Affairs Manager, The Advertising Association.

As a member of CAP and the ASA, the DMA is playing a major role in the self-regulatory activity outlined above and its working party is monitoring developments closely.

Contact James Milligan, 020 7291 3360.