Consumer protection in our digital age is becoming an ever more complex challenge, with technology constantly evolving and always “newer” new media emerging at lightning speeds. In recent years, online behavioral advertising has taken center stage as one of today’s most hotly-debated marketing practices. There seems to be a consensus amongst regulators that the industry, through self-regulation, should take on the challenge of establishing a transparent opt-out program for addressing privacy concerns and allowing consumers to choose not to have their data collected for future targeted ads.  However, the water gets more murky when it comes to online and mobile advertising to children.  Advertising to children is laden with issues and I’ve talked here on Madison Ave Insights about how the FTC and other regulators have taken a particular interest in children’s privacy and data security.

This year’s Children’s Advertising Review Unit (CARU) Annual Conference will discuss a number of critical issues in children’s advertising, including apps, social media, and location and other data security.  With more children online (even at school) in today’s age, how do we as advertisers ensure we are keeping kids safe?

The Way I See It

  • I see more challenges arising with new digital, mobile, and social media to address privacy and data security concerns through self-regulation, especially when it comes to children.  With new technologies emerging, the advertising industry is forced to adopt new standards to meet the issues for regulators and consumers.
  • A lot of progress has been made in recent years to address privacy and data security challenges raised by new technology and social media, including the CBBB’s self-regulatory guidelines that implemented the Ad Choices program to allow consumers to opt out of targeted online advertising.
  • I see an increasing commitment from the advertising industry to self-regulate when it comes to children’s issues, as well as new online and mobile platforms, which is a strong signal that the industry will meet calls from regulators to enforce privacy and data issues.

The Way The Industry Sees It

I sat down with Genie Barton, Vice President and Director, Online Interest-Based Advertising Accountability Program and Mobile Marketing Initiatives at the Council of Better Business Bureaus (CBBB), to discuss the effectiveness and challenges of online behavioral advertising (OBA), especially for children.

Online behavioral advertising (OBA) has been under the microscope in recent years with regulators and consumers.  How have you worked to address these issues and what do you expect to improve with OBA moving forward?

Regulators and privacy advocacy groups have varying degrees of concern about the collection and use of data to provide consumers with advertising that is based on their previous browsing activities across websites and time.  In addition, some consumers also have concerns, but there is a high degree of debate regarding consumer preferences. Some studies show significant concern, while others show that in real life scenarios, consumers prefer ads that are relevant over ads that are random.  But what I think we can all agree on is that the two largest areas of concern for regulators, privacy advocates and consumers stem from the largely “invisible” nature of online interest-based advertising.  The industry responded to those concerns, as expressed by the Federal Trade Commission in a staff report providing guidance on how to implement self-regulatory principles governing OBA, by creating consensus principles that provide the transparency and control that were missing.  I like to say that the DAA Principles took the mystery and potential “creepiness” out of interest-based advertising by providing real-time notice and a direct link to an easy-to-use opt-out. These innovations—the sideways blue triangle known as the AdChoices Option Icon, which appears in all interest-based ads, and takes the consumer to an explanation of OBA and a link to a choice mechanism—shine a light for consumers on interest-based ads.

How do you navigate the complexity of and constant changes in online and mobile advertising?  Any tips for advertisers?

I navigate this ecosystem with a lot of help from my friends and fabulous staff, and by constant reading and discussions with people in the industry. Just when I think I have a handle on something, there is another innovation. But that is what makes the job fun and keeps it fresh.  I would advise advertisers to make privacy a positive differentiator for their brand. To do this successfully, the advertiser has to be extremely careful with what companies it engages to guide it on developing an ad campaign. Be sure to deal with an agency and all others in the ecosystem that follow (and ensure that you will be following) the highest industry standards. While an OBA campaign can be the most effective way of reaching the right customer, doing it without the transparency and control provided by the DAA program can actually damage the brand and its relationship with its customers. A recent study showed that consumers prefer to do business with companies that engage with their customers on privacy issues. The study also showed that consumers click on ads with the icon more readily than on ads without it.  So providing consumers with transparency and choice is a positive for the bottom line.

Continue Reading CARU Annual Conference: Online Behavioral Advertising & Industry Self-Regulation for Marketing to Children

Surrounding a breakfast seminar, which was held at Davis & Gilbert today entitled, “Complying with the FTC’s Final Amendments to its COPPA Rule: What You Need to Know,” I thought a great post would be to examine that very topic.  In addition, I had the chance to speak to Wayne Keeley Director of the Children’s Advertising Review Unit (CARU) of the Council of Better Business Bureaus and interview him as my Q&A guest this week.

Advertising to children has long been laden with complex issues.  Advertising promoting products that target children have long faced criticism from consumer advocates and regulators who raise safety, health, or inappropriate content concerns.  In the digital age filled with online privacy and data collection concerns at every corner and constantly evolving technologies that put individuals – especially children – at risk, the Federal Trade Commission has increased its regulation and enforcement.  With the increased use of mobile technology and apps by children under the age of 13, the FTC initiated its review of the Children’s Online Privacy Protection Act of 1998 (COPPA) in 2010 to allow children’s advocates, website and app developers, and advertising executives and coalitions to chime in on how the FTC should update the outdated rule to protect children from the new dangers of social media, location-based software, video chatting, photo sharing, and more.  With COPPA’s expanded scope, the FTC is making an effort to ensure its regulations cover new technology and innovation.

The Way I See It

  • I see the new COPPA rule expanding the types of companies that are required to obtain parental permission before collecting data and information from children to reflect the digital world we live in today.  COPPA clearly covers mobile and tablet apps, location technology tools, voice recognition tools, social sharing networks including Instagram, Facebook, and Twitter, and online advertising networks, among others.
  • I see the FTC making strides in privacy and data protection regulation with the expanded COPPA provisions, and advertisers and marketers being forced to adapt to new rules for behavioral advertising in particular.
  • The advertising industry has long championed self-regulation for advertising to children, so while the new COPPA rules are broader, the industry may not have too many new practices to adapt.  Many have also begun taking stricter precautions in engaging with and advertising to children in anticipation of the expansion of COPPA.
  • I see that new restrictions on cookie-based and other identification systems could mean some websites targeting children may reduce or stop their use of advertising networks.

The Way the Industry Sees It


I sat down with Wayne Keeley, Director of the Children’s Advertising Review Unit (CARU) of the Council of Better Business Bureaus, to discuss the FTC’s recent amendments to COPPA and what it means for advertisers, tech innovation, and regulation.

Let’s start by discussing CARU’s response to the expansion of COPPA.  Does the regulation overlap areas of the CARU guidelines?  In what ways is the regulation new for the industry?

Rather than overlapping, I believe that the COPPA rule modifications have brought the COPPA Rule more in line with CARU’s Guidelines.  CARU’s Guidelines represent self-regulatory practices.  Self-Regulation can sometimes go beyond what is required in the law and/or regulatory standards.  For example, CARU’s guidelines went beyond the COPPA Rule in those instances where website operators had a reasonable expectation that a significant number of children will be visiting their websites.  In those instances, CARU said they should employ age screening mechanisms to determine whether verifiable parental consent or notice and opt-out is necessitated.  The old COPPA Rule had an actual knowledge standard.  Under the new Rule, however, the FTC has provided an option for websites with mixed audiences that is closer to our self-regulatory model by providing that sites that target children as a secondary audience can screen users via an age gate.  Accordingly, operators will be required to provide notice and obtain consent only for those who identify themselves as under 13. This is a great example of how the experience gained under self–regulation can make a positive contribution to fashioning workable regulatory approaches as well.  The regulation is also new for the industry in that definitions are added and expanded and the FTC’s oversight of safe harbor programs is enhanced and strengthened. The new definition brings the collection of information for behavioral advertising within the regulation for the first time and will require child-directed sites to obtain parental consent before allowing the collection of information for interest-based advertising on their sites even if that information does not identify a specific child.

What does CARU see as the biggest threat to child safety and protection (i.e., location-based technology, personal data collection, etc.)?  Are there certain trends in social media or mobile technology that are red flags for CARU?

CARU has always seen the collection of personal information from young children as an important issue and had adopted data collection guidelines even in advance of the COPPA legislation.  That aspect has not changed.  The modified COPPA Rule responds to technological innovation (e.g., geo-location based technology) and current technology use (e.g., increase in use of Smartphones by children).  Social media and mobile technology have always been on CARU’s radar from their inception.  Their importance to CARU has grown in direct proportion to the increasing number of young children accessing social media and mobile technology.  While young children are increasingly adopting mobile and social media technology, the basic concerns underlying the creation of CARU – that young children are a vulnerable audience and therefore need protection – remain the same.  We look forward to working with responsible industry members to assure that these concerns are addressed. This is particularly true in the expanding area of mobile apps which are developing rapidly and are subject to the new COPPA rule as well as CARU’s general guidelines if they are child-directed.

Continue Reading Understanding the FTC’s Expansion of COPPA: A Conversation with the Director of the Children’s Advertising Review Unit

February 1st was a big day for the Federal Trade Commission (FTC). Not only did the FTC release its report regarding mobile privacy disclosures, it also announced that it had reached a settlement with Path, a social networking app, which agreed to pay $800,000 to settle charges that it deceived users by collecting personal information from their mobile address books without their knowledge and consent, and that it collected personal information from children without their parents’ consent in violation of the Children’s Online Privacy Protection Act (COPPA).

The FTC’s report entitled “Mobile Privacy Disclosures: Building Trust Through Transparency” provides specific recommendations on improving mobile privacy disclosures for mobile platforms, app developers, advertising networks, and other third parties. Most notably, the report recommends that mobile platforms provide “just-in-time” disclosures to consumers and obtain their affirmative consent before allowing apps to access sensitive content, such as geolocation data. The report also recommends that mobile platforms consider providing “just-in-time” disclosures and obtain affirmative consent for other sensitive content, such as contacts, photos, calendar entries and audio/video content. The report further recommends that mobile platforms consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded as well as icons to depict the transmission of user data. The report recommends that mobile platforms consider offering a Do Not Track (DNT) mechanism for smartphone users and makes several other recommendations aimed at providing better disclosures to consumers regarding mobile privacy.

The report also makes a number of recommendations to app developers, including that they have a privacy policy that is easily accessible through the app stores, provide “just-in-time” disclosures and obtain affirmative consent before collecting and sharing sensitive information, improve coordination and communication with ad networks and other third parties and participate in self-regulatory programs and industry organizations. In addition, the report recommends that advertising networks and other third parties communicate with app developers so that those developers can provide truthful disclosures and work with platforms to ensure effective implementation of DNT. Finally, the report suggests that app developer trade associations, academics and experts develop short-form disclosures for app developers, promote standardized app developer privacy policies and educate app developers on privacy issues.Continue Reading FTC Announces Mobile Privacy Disclosure Guidelines

The Federal Trade Commission (FTC) ended 2012 with a bang by adopting final amendments to the Children’s Online Privacy Protection Act (COPPA). For those of us who work in children’s advertising, these long awaited amendments came as no surprise. The final amendment, which goes into effect on July 1, 2013, came only weeks after the FTC issued a report that found that mobile applications have demonstrated “little progress” in addressing concerns about the privacy of children’s data.

COPPA was first enacted in 1998 and requires that operators of websites and online services that are either directed to children under thirteen or have actual knowledge that they are collecting personal information from children under thirteen notify parents and obtain their verifiable consent before collecting, using or disclosing personal information from children. The FTC initiated the review to ensure that keeps pace with evolving technology, such as mobile devices and social networking. In other words, the FTC wanted to ensure that COPPA protects the six year old child you see on the bus everyday playing with his parent’s iPhone.

Fast forward to the present. In a move intended to give parents greater control over data collected about their children online, the recent amendments to COPPA increase its scope, requiring additional types of companies to obtain parental consent before collecting personal information from children under thirteen. Specifically, child-directed sites or services that integrate outside services, such as plug‑ins and advertising networks, which collect personal information, are now covered by COPPA. Plug‑ins and ad networks whose operators have actual knowledge that they are collecting personal information through a child-directed website or online service are also now subject to COPPA. In addition to expanding the kinds of companies under COPPA’s purview, these amendments also expand the types of information sites and services are not permitted to collect, use or disclose without parental consent. Geolocation information, photos, videos, and audio files that contain a child’s image or voice, and persistent identifiers that can be used to recognize users over time and across different websites all require parental consent prior to collection. One important exception to the rule is any circumstance in which an operator collects a persistent identifier for internal operational purposes-for example, site analysis and network communications. In such instance, no parental consent is required.Continue Reading FTC Amends COPPA to Strengthen Children’s Privacy Protections