Marc Groman is only a few months into his tenure as executive director and general counsel to the Network Advertising Initiative. He already has plans in place to update some of the self-regulatory group’s aging assets and broaden the industry dialogue with advocacy groups about digital advertising privacy practices.
He says he is pleased with the results of the NAI’s annual compliance report, which showed broad compliance with the NAI rules. “Self-regulation with accountability is what the NAI is trying to provide,” he says. “The compliance report is solid evidence of that core mission.” The group this year nearly doubled the number of companies it audited for the report, 60 in all. It expects to review 80 in 2012. Groman comes to the NAI after a decade serving various capacities on Capitol Hill on privacy issues. Most recently he was the Chief Privacy Officer at the Federal Trade Commission.
And while the report does represent an industry association regulating and auditing its own members, Groman insists the process is rigorous and not always welcome: “I would be lying if I said our members love it when the compliance report comes around.” The NAI staff engages in a protracted back and forth with companies to ensure their reports are complete. He says that NAI participants are investing in the process. “Many of our members are spending a considerable amount of money now on self-regulation.”
In taking on leadership of the NAI, Groman is looking forward and plans a number of updates this year. Some of his policy ideas will be laid out on Feb. 22 at the OMMA Data & Behavioral event in New York, where he will be a keynote speaker. Groman wants to see the discussion of online privacy and self-regulation more directly engage policy makers and advocates as well as industry stakeholders.
At the NAI specifically, plans are underway to relaunch its site sometime this year to make it more user-friendly. Even though the site, which hosts opt-out mechanisms for its members, saw a near doubling of opt-outs last year to 840,000 in all, an overhaul had been recommended.
The larger project this year will be an updating of the NAI code itself. The last time the NAI revised its rules of conduct was 2008, and a good number of issues, technologies and business models have appeared since then. Mobile platforms, for instance, currently are not even addressed. Groman says updating the code "will be a transparent process. We will put a draft up and encourage all stakeholders to respond and have the code updated by the end of 2012.”
Self-regulation has not only become a policy and process, but a business as well. While the NAI has been imposing a code of conduct on its online network advertising providers for a number of years, its acronym now mixes freely in the press with IAB privacy initiatives, private companies that are licensing compliance solutions, and especially the consortium of organizations under the Digital Advertising Alliance banner.
Groman is involved with the DAA but says the distinction between the two groups is important. While the DAA embraces all aspects of the marketing supply chain, from publishers to ISPs to offline ad and business organizations, the NAI is focused solely on third-party ad networks. “We are at core a self-regulatory body.” Members can only participate if they agree to code of conduct and agree to be audited for compliance.
Not all of the NAI members, for instance, currently use the in-ad icons that the DAA is promoting, but Groman says his group does encourage those companies in a position to use them to do so. And the NAI is very tightly focused on behavioral targeting. “[We don’t] claim to be the solution to all privacy issue related to advertising or the Web,” he says.
Groman would like to see self-regulatory principle expand to a broader range of marketing business models, like data collection and the merging of offline and online data. In fact, after speaking with policy and advocacy groups, he suspects that online behavioral advertising (OBA) may not be the greatest concern in 2012. “There is everything from IP addresses to browser fingerprinting to other business models of using offline data online,” he says. “What is the future of self-regulation in respect to those models? Do they belong in the NAI? I don’t have an answer to that."