• by Wendy Davis  @wendyndavis, February 7, 2013

In recent months, the Federal Trade Commission as well as the California Attorney General have issued recommendations for mobile privacy. Now, the self-regulatory group Network Advertising Initiative says it plans to develop mobile privacy standards.

In its latest annual compliance report, released on Thursday, the group says it intends to adopt guidelines this year to address the collection and use of data from smartphones and other mobile devices. The NAI also plans to develop rules that will address the tracking technology used by mobile ad networks.

Executive Director Marc Groman adds that the NAI will explore how data is transferred between apps, and how location information is collected and stored. Current NAI rules require companies to notify users about online behavioral advertising and allow them to opt out of receiving behaviorally targeted ads.

The NAI currently has almost 100 members, but that's only a fraction of the ad networks engaging in some form of online behavioral advertising, or serving ads to people based on their Web-surfing history. Groman says he hopes more companies will join, adding that developing mobile guidelines might spur mobile networks to become members.

The NAI says in its report that educational sites it runs, as well as the self-regulatory group Digital Advertising Alliance, drew 10 million unique visitors in 2012. Around 14% of the visitors to the NAI's educational site last year went to an opt-out page, the NAI told Online Media Daily. The prior year, 8 million unique visitors went to the NAI's site, and 10% of them visited the opt-out page. (The new report is the first one to include data about visitors to the DAA's page.)

While the NAI and DAA currently offer visitors the ability to set opt-out cookies, browser manufacturers now offer do-not-track headers that theoretically could allow people to opt out of all behavioral targeting with a single click. That type of mechanism is more persistent than the opt-out cookies, largely because privacy-conscious users tend to delete their cookies.

But Web companies haven't yet figured out how to respond to do-not-track headers. A committee of the Internet standards group World Wide Web Consortium (which includes the NAI) has been trying to forge a consensus for interpreting the do-not-track signals, but remains at a standstill. Self-regulatory groups, including the NAI, don't currently require members to honor those signals.

Groman says the NAI has concerns about how browser-based tools will be implemented and interpreted. "We wouldn't necessarily object to an additional tool that is part of a browser that gives consumers another mechanism for choice," he says. But he says the NAI feels strongly that the header should not be turned on by default. Microsoft activates do-not-track by default in Internet Explorer 10.

The compliance report also says that 2012 marked the first year the NAI began using automated crawlers to determine whether members were allowing people to opt out of receiving targeted ads. The group says that opt-out links usually worked, but that the automated testing uncovered "a number of possible issues." Most were fixed within 24 hours, the NAI says.

The report reflects that the NAI now requires members to disclose behavioral-advertising segments based on any activity related to health or medical issues. In the last year, Web companies like Microsoft, Yahoo and AOL began disclosing on their sites that they allow companies to target users based on health conditions.