Tuesday, January 10, 2012

Online Ad Code Not in Compliance with European Data Protection Laws: Working Party

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

Self-regulatory standards for online behavioral marketing adopted in April 2011 by two major European industry associations are not adequate to ensure compliance with current European data protection laws, according to the Article 29 Data Protection Working Party.

The Working Party—an independent advisory body consisting of representatives from the data protection authorities of European Union member states—has issued an opinion assessing the Best Practice Recommendation on online behavioral advertising adopted by the European Advertising Standards Alliance (EASA) and the Internet Advertising Bureau Europe (IAB).

Notice of Behavioral Advertising

The EASA/IAB’s proposed framework recommends that websites use a particular icon to provide notice of behavioral advertising practices. The icon would be linked to an informational website at www.youronlinechoices.eu. On this site, users would be able to opt out of behavioral advertising by selecting specific company names from a list of advertising networks.

In the Working Party’s view, this approach does not properly inform website visitors about the use of cookies, as required by the e-Privacy Directive. Average web users would not be able to recognize the icon’s meaning without any additional description, the Working Party said. The icon should be accompanied by other forms of notice, which would include information as to what types of information are being collected and by whom.

Consent to Cookies

In addition, the Working Party noted, the e-Privacy Directive requires that consent be obtained before cookies are placed on users’ computers or information stored on the users’ computers is collected. The EASA/IAB framework, instead of seeking prior consent, was said to provide a way for users to exercise “choice”—which amounted to opting out of further data collection. This “choice” did not meet the requirements of the directive, the Working Party said.

The Working Party also expressed concern that the EASA/IAB self-regulatory code did not contain provisions on the amount of data collected and the period of time the data would be retained.

Tracking Web Surfing

Moreover, the EASA/IAB standards and website created an incorrect impression that it was possible to choose not to be tracked while surfing the web, the Working Party said. This misapprehension could be damaging to users, as well as to the advertising industry, if advertisers are led to believe that by applying the code they meet the requirements of the e-Privacy Directive.

Full text of the Working Party’s Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavoural Advertising appears at CCH Privacy Law in Marketing ¶60,710 and here on the European Commission’s website.

No comments: