Nick Stringer is the Director of Regulatory Affairs at the IAB. Here Stringer discusses the implications of the new directive, the self-regulatory approach, and the setting up of an IASH-styled group to police European compliance
Can you give some overview on where we are in terms of the industry’s self-regulatory approach agreed with the EU? Does it have the backing of ICO and the EU?
The European advertising industry (that includes bodies representing advertisers, networks, publishers, agencies) published a pan-EU self-regulatory initiative for behavioural advertising in April this year following a process of engagement with the European Commission and consumer / civic society groups. Like a similar cross-industry initiative in the USA, its aim is to enhance transparency, user control and protect privacy by placing an ‘icon’ in display ads using this technique. The icon will link to ways to manage preferences, further information and a way to switch it all off altogether via www.youronlinechoices.eu. The site will eventually be available in all 16 official languages of the European Union. The project is as a result of almost two years work and started before the revised ePrivacy Directive came into being in November 2009. The European Commission has been very supportive of the progress we are making and the UK Government has explicitly endorsed the initiative.
It looks likely that EU member countries will interpret the directive in different ways. How wary should pan-European advertising businesses be about this fragmented approach?
The revised ePrivacy Directive raises some significant implementation issues. It is not a clear Directive as is demonstrated by the fact that most countries have yet to implement it into their national laws (the deadline was 26 May). The UK Communications Minister, Ed Vaizey, described it recently as “well-meaning regulation that will be very difficult to make work in practice” and the UK Government has tried to provide a steer to the UK and the rest of Europe as to how to implement it in a pragmatic, user- and business-friendly manner. The Directive will cover almost all cookie use and so not just for behavioural advertising purposes. However, whilst not initially intended as a compliance mechanism, the self-regulatory approach for behavioural advertising will offer a harmonized approach across Europe: for business and internet users. The new law is a lesson for the sector: police ourselves or the policy-makers will try to do it for us and look at the results so far…
What can these companies do to protect themselves legally when trading across the European market?
For behavioural advertising (and that includes retargeting) the best advice the IAB can offer to networks and publishers is to sign up and be part of the self-regulatory programme. Over 60 businesses across Europe already have done so and many more are committing by the day. Other cookie uses will still need to comply and we suggest businesses initially look to offer greater transparency on how they work and what they do.
Can you give some more insight into the new icon that will appear on behaviourally targeted ads in Europe – and how advertisers and ad vendors can sign-up? How will DoubleVerify, Evidon and TRUSTe be involved in the process of implementing the icon?
Our commitment to the European Commission (in the UK and other large advertising markets) is that 80% of behaviourally targeted ads will have the icon by June 2012. The obligation falls upon networks and other third parties to deliver this but it does not exclude third party vendors from helping achieve this goal. We want internet users to see the icon and learn how it works as soon as possible right across Europe.
How will the IAB and industry police this new self-regulatory approach?
Industry has agreed a robust compliance and enforcement system to back up this programme. We will introduce a system – similar to IASH in the UK – to independently monitor third party compliance across Europe. This will be backed up by a new trading seal providing the market with confidence on who they are working with and ensuring a commercial incentive (on behalf of the third party) to be part of the scheme. This will be complemented by the existing ‘name and shame’ sanctions of the Advertising Standards Authority at a national level who will step in to address any consumer complaints that are not dealt with initially by the business itself. It’s a double independent enforcement system.
Will the self-regulation be enough to meet the “explicit consent” required for third cookie tracking as outlined in the new directive?
The new law requires informed consent and this was confirmed in a recent ‘open letter’ from the UK Government. See www.dcms.gov.uk/wp-content/uploads/publications/cookies_open_letter.pdf. The EU self-regulatory initiative for behavioural advertising has been framed over many months and the UK Government fully supports our approach. The ICO has also said it is a “step in the right direction.”
What should publishers and content providers, who are using third party cookie tracking to target ads, do to protect themselves legally? Should they have the opt-out have to appear on homepage? Will an insertion in a site’s T&Cs suffice?
The IAB encourages publishers to sign up to the EU Framework and many – such as the Financial Times, Guardian, Telegraph, BBC.com and Yell – have done so already. We encourage publishers to explore carrying the icon itself on their sites, although networks will be obligated to in or around the ad itself.
Now that that we are passed May 26, how does our industry live with the new directive?
In the UK the new law is now in place. However the UK Government and ICO have stated that it will be implemented in a phased approach over the next year (the ICO has confirmed that it will not enforce the law in the first 12 months). That doesn’t mean we can sit back. In behavioural advertising we’ll be progressing the self-regulatory work to meet our commitments to the European Commission and to the public.