The former privacy chief of the Federal Trade Commission, Marc Groman, in December 2011 jumped headfirst into an industry he had previously regulated, becoming the executive director of the Network Advertising Initiative (NAI), a voluntary online advertising standards association that includes Google, Microsoft, Yahoo and AOL among its 80 member companies.
Groman told TPM in an exclusive interview that he joined the group to try and reform online advertising practices from within the industry.
“I came to the NAI because I think it’s just an extraordinary organization with a great mission,” Groman told TPM “It goes above and beyond legal requirements for online advertisers.”
Two months after he started, he’s got his first shot: The NAI on Tuesday released its annual compliance report, detailing the operations of and complaints against its members over the course of 2011.
NAI members voluntarily join the organization and pay membership dues to support the organization’s staff and the preparation of such reports, but they are also investigated yearly by the NAI and must comply with a lengthy and detailed code of conduct that contains numerous provisions, among them those that require them to post notifications on their websites that they are collecting personally identifiable information, those that prohibit the collection of data from children under age 13 without parental consent, and those that require “opt-in” consent before personally identifying information — your name, email, etc — is combined with non-personally identifying information — search queries and use of online products.
That last part is of critical importance lately, as it appears to be what Google is attempting to do by combining its multiple privacy policies to allow the company to better track users across products and serve up information such as when you’ll be late for a scheduled meeting, based on your Google Calendar entries and local traffic data.
“It’s a burdensome process,” said Groman, “Companies are committing publicly to comply with the code.”
By and large, the 2011 report paints a reassuring picture when it comes to how online advertisers are handling consumer information. Google, Microsoft, AOL and Yahoo, along with the majority of the other companies surveyed (only 60 in 2011, as that’s how many were part of the group then. The attendance has swelled to 80 since) all came out clean.
The 2011 NAI report found “that no member companies intentionally collect” personally identifiable information from Web users for “online behavioral advertising purposes,” conducive with years past (the NAI has been active since 2000).
In addition, the report found no violations of data related to healthcare and children, and had “comprehensive policies in place,” to govern how such information, was collected, stored and used.
However, the report did find seven complaints in 2011 and two instances of “non-compliance” — that is, two occasions where a company violated the NAI code.
The company in question, Epic Marketplace, was caught red-handed violating the code in July 2011 by another unrelated organization, the Center for Internet and Society at Stanford. Standford found that Epic was engaging in “history stealing” — a practice that allows someone to see which websites you’ve visited by running a script that checks which links appear darkened or have changed colors on each webpage you visit. Epic was running such a script on the websites of Flixter, a popular online movie listings directory, and cable internet service Charter.
However, as the NAI noted in its 2011 annual report, the organization began a review of Epic “within 24 hours” after Stanford published its findings online, published a preliminary report in October on its findings (they concluded that Epic had been violating the code) and has since slapped Epic with annual audits by an independent third party.
Groman pointed to that incident as an example that the NAI works better than “heavy-handed” government imposed guidelines on online advertising.
“We’ve established a strong regulatory program,” Groman told TPM.
But the new director of the NAI says that’s just the beginning of what he has in store for the group under his tenure. Groman pointed to the portion of the 2011 report that notes the NAI plans to “increase its technical monitoring of member companies,” and that member companies “be required to report the domains they use” for advertising — that is, all the other websites that they are advertising on. Other changes coming in 2012 include an updated website and more staffers at the organization.
But Groman thinks he has a strong base to build on, especially as the number of visits to the NAI’s relatively bare bones website soared in 2011 to 8.5 million unique visits, up 200 percent from 2010, especially to a consumer-facing “opt out” tool designed to allow Web users to disable information collecting by any or all of NAI’s members.
“I welcome with open arms all those questions and criticisms from other outside groups,” Groman said.