In Reversal, IAB Says Congress Should Consider Privacy Legislation

The Interactive Advertising Bureau, which has long argued that the industry should be allowed to regulate itself on privacy, now says lawmakers should consider "sensible" legislation.

"A uniform federal privacy standard could provide clarity, market certainty, and add fuel to future innovation, while preserving the value and benefit that online advertising brings to the internet ecosystem," David Grimaldi, executive vice president for public policy, says in a letter sent Monday to leaders of the Senate Commerce Committee.

"The exponential growth and innovation in the digital advertising industry over the last decade has been revolutionary for consumers," the letter states. "However, additional work must be done to promote consumer trust and safety. We believe the time is now to consider sensible legislation to address these pressing challenges."

The letter comes two days before representatives from Google, AT&T, Twitter and other tech companies are slated to testify at a Senate hearing about privacy. Federal lawmakers have previously examined online privacy without passing legislation. But recent events -- including the revelation that political consultancy Cambridge Analytica harvested data from up to 87 million Facebook users -- have sparked a new push for regulations.

Grimaldi says the IAB hopes to help shape any potential legislation.

"The backbone of the internet economy is at stake here, and we just have to think before we act," he tells MediaPost.

"When pen gets taken to paper," he adds, "we just want to make sure the collection and use of data isn't altered."

He elaborates that the industry is particularly eager to avoid federal legislation that could mimic Europe's General Data Protection Regulation -- which requires ad companies to obtain consumers' opt-in consent in many circumstances -- and California's recently enacted privacy law.

The ad industry's current self-regulatory program requires companies to notify consumers about online tracking -- or the collection of data across multiple sites and apps. The self-regulatory principles require companies to obtain consumers' explicit consent before serving them targeted ads based on financial information, data about medical conditions or other information that the industry considers "sensitive." The principles also require companies to allow consumers to opt out of receiving ads targeted based on "non-sensitive" data.

California's new law, slated to take effect in 2020, allows consumers to learn what personal information about them is held by businesses, and to opt out of the sale of that information. Soon after California passed the law, tech companies reportedly began pressing Congress to develop a federal privacy law that would trump individual state laws.

The IAB says in its letter that privacy regulations "should provide meaningful consumer controls that are technologically neutral, proportionate to consumer risk, and encourage industry best practices."

The organization adds it's concerned that the GDPR and the new law in California "will result in a patchwork of varying state laws and consumer confusion, and would negatively impact the online user experience."

Next story loading loading..