Rapidly changing and complex technology, the rise of “Big Data” and an increasing focus on digital advertising has made advertising legal compliance an increasingly complex area for companies. In-house attorneys and their outside counsel must wrestle with understanding the legal implications of new digital marketing and advertising technologies. The increasing use of newer technologies in this space requires that a company manage the privacy implications as well as the cybersecurity implications that come along with them.
Companies have participated in behavioral advertising for years by collecting data about consumers and targeting ads to these consumers based on data analysis about an individual’s preferences. However, the technology behind behavioral advertising has evolved, and companies have now started to use the data collected to build very detailed profiles about individuals, to track individuals across devices and to combine these detailed profiles about individuals with data obtained from other sources. Some of these new “hot” behavioral advertising technologies include programmatic advertising and data onboarding. Programmatic advertising is the serving of hyper-targeted ads on a real-time basis that draw on vast amounts of data such as cookies and other tracking technologies to create consumer profiles and serve more targeted ads to consumers. Data onboarding, on the other hand, involves companies providing a third-party “onboarding” provider with de-identified data originally derived from a consumer’s personally identifiable information (PII). The onboarding vendor then hashes the information and the hashed values are used to link to other data (provided by third parties and other offline data) to send a consumer much more targeted advertising than conventional behavioral targeting. Companies have also started to combine these technologies with cross-device tracking, which is where data collected about an individual is used to track that person across different devices. New technologies mean that it is necessary for companies to re-examine their privacy practices.
Although complying with self-regulatory guidelines like the Networking Advertising Initiative (NAI) Code of Conduct, the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles for Online Behavioral Advertising and the FTC’s 2009 Staff Report “Self-Regulatory Principles for Online Behavioral Advertising” may provide a starting point for compliance, these guidelines may still not go far enough to avoid legal trouble when utilizing some of these newer advertising technologies. A company should delve deeper into understanding its own use of marketing and advertising technologies and the technologies of its third party vendors to avoid lawsuits, bad press, and catching the FTC’s attention. The FTC has set its sights on behavioral advertising and cross-device tracking in the last few years so it is increasingly likely that these issues will continue to be on the FTC’s radar. Continue Reading