IAB Makes Recommendations on Privacy
The industry group for Internet advertising sets standards formembers' privacy policies.
Taking a stand on the hot-button privacy issue, the Internet Advertising Bureau this week issued privacy guidelines by which its membership must abide.
The guidelines are fairly basic, requiring that members have a privacy policy designed to protect consumers’ personally identifying information, that they post it, and that they conform to it.
“In effect, we have established a baseline for IAB member companies to ensure the protection of individual’s privacy,” said Rich LeFurgy, IAB chairman and general partner of WaldenVC.
No provisions were laid out regarding enforcement of these guidelines.
Under the new guidelines, a company’s privacy policy must be linked to from its home page, and from any page on which it is collecting personally identifiable information.
That policy should outline what information is collected, how it’s collected, how it’s being used, and what choices consumers have with regard that information. That information, says the IAB, should never be used in any ways not disclosed to the consumer at the time of collection.
Interestingly, the IAB also says that companies should link to the privacy policies of third-party ad servers — an issue that has come up in regard to the practices of ad company DoubleClick Inc.
Another provision that appears to have sprung from the DoubleClick privacy debate: the requirement that companies disclose whether they are linking the data they gather with third-party data. DoubleClick came under fire when it was learned that the company planned to merge data collected by “cookies” with data it acquired when it bought Abacus Direct.
The use of these cookies, and the logging of clickstream data, should also be disclosed in the policy, according to the IAB.
Additionally, the IAB says that consumers must have an opportunity to opt-out, companies must take steps to ensure the security of the personally identifiable data, and companies doing business in Europe need to abide by Department of Commerce International Safe Harbor Principles.
The IAB guidelines can be found here.
