Digital Advertising Alliance Releases Principles for Multi-Site Data

On November 7th, the Digital Advertising Alliance (“DAA”), the self-regulatory coalition comprised of the largest media and marketing associations in the U.S., including the American Association of Advertising Agencies, the Association of National Advertisers, the American Advertising Federation, the Direct Marketing Association, the Interactive Advertising Bureau and the Network Advertising Initiative (NAI), announced Principles for Multi-Site Data (“Principles”). The Principles are intended to expand the scope of the DAA’s Self-Regulatory Principles for Online Behavioral Advertising (“OBA Principles”), which were released in 2009 and implemented in early 2010.

According to the OBA Principles, online behavioral advertising (“OBA”) is the “collection of data from a particular computer or device regarding Web viewing behaviors over time and across non- Affiliate Web sites for the purpose of using such data to predict user preferences or interests to deliver advertising to that computer or device based on the preferences or interests inferred from such web viewing behaviors." The OBA Principles restrict the collection and use of data after the consumer opts out of certain OBA tracking. According to the DAA’s press release, the new Principles extend the self-regulatory process and consumer opt-out “beyond collection of data for OBA purposes and apply [it] to all data collected from a particular computer or device regarding Web viewing over time and across non-affiliate Web sites,” which is also the definition of “Multi-Site Data” adopted by the DAA.

The Federal Trade Commission (“FTC”) and others had criticized the OBA Principles for various shortcomings, including the fact that the opt-out mechanism did not sufficiently allow consumers to block ads based on their browsing habits, did not allow consumers to stop data collection or the placement of cookies on their computers and that it only allowed consumers to opt out of receiving targeted advertising and to manage their behavioral advertising interest categories. The FTC further complained that consumers using the DAA’s opt-out believe they are opting out of being tracked and not just opting out of receiving targeted advertising. In response to these critiques, the DAA developed the new Principles to allow consumers to block additional types of Internet data collection, beyond OBA.

Specifically, the new Principles contain the following requirements:

  • Creation of transparency in the data collection practices of entities that collect data across unrelated web sites for purposes other than OBA (i.e., inclusion of clear, meaningful, and prominent notice on a participating entity’s web site that describes its data collection and use practices, as well as a notice that the entity complies with the Principles).
  • Provision of consumer control regarding Internet surfing across unrelated web sites (i.e., allowing users of web sites where data is collected the ability to choose whether data is collected and used or transferred to a non-affiliate, and providing disclosures and links that make consumers aware of this choice).
  • Prohibition of the collection, use or transfer of Internet surfing data across web sites for determination of a consumer’s eligibility for employment, credit standing, healthcare treatment or insurance.
  • Compliance with the Children’s Online Privacy Protection Act (COPPA) (i.e., entities should only collect and use “personal information,” as defined by COPPA, from children under the age of 13 in a manner that is COPPA compliant, unless such collection or use is otherwise exempted by COPPA).
  • Implementation of specific protections for health and financial data (e.g., financial account numbers, Social Security numbers, pharmaceutical prescriptions, or medical records).

The Principles are not applicable in the following situations:

  • Operations and system management, including, intellectual property protection; compliance, public purpose and consumer safety; authentication, verification, fraud prevention and security; authentication, verification, fraud prevention and security billing or product or service fulfillment;
  • Reporting and delivery (i.e., the delivery of online content, advertisements or advertising-related services based upon the logging of Multi-Site Data on a web site(s) or the collection or use of other information about a browser, operating system, domain name, date and time of viewing of the Web page or advertisement, impression information (e.g. web analytics, optimization, etc.));
  • Market research (i.e., the analysis of market segmentation or trends; consumer preferences and behaviors; research about consumers, products, or services; or the effectiveness of marketing or advertising) or product development (i.e. the analysis of the characteristics of a market or group of consumers; or the performance of a product, service or feature, to improve existing products or services or to develop new products or services). Market research and product development are exempt because such data is not re-identified to market directly back to, or to otherwise re-contact a specific computer or device; and
  • Where the Multi Site Data has or will within a reasonable period of time from collection go through a “de-identification process” (i.e., the entity has taken reasonable steps to ensure that the data cannot reasonably be re-associated or connected to an individual or connected to or be associated with a particular computer or device).

Like the OBA Principles, the new Principles are self-regulatory principles that must be adopted by DAA members, but may not be adopted by other entities. DAA plans to implement the new Principles in early 2012. The full text of the new Principles is available at The OBA Principles are available at