The self-regulatory group Network Advertising Initiative has issued guidance that expands on new requirements in its updated privacy code, including the mandate to obtain consumers' opt-in consent before collecting or using “sensitive” data for ad delivery and reporting, as well as for ad targeting.
The new guidance provides that consent provided solely through platforms won't meet the code's requirement. Instead, ad-tech companies that belong to the organization may only use sensitive data -- including precise location data, sensor data and personal directory information -- if consumers are informed that the data will be used for advertising.
The new rules for opt-in consent apply when ad-tech companies receive precise location data, but then segment the data so that it becomes imprecise. But if ad-tech companies receive data that is already segmented or has been made imprecise, they don't need to obtain consumers' opt-in consent.
The guidance also provides that disclosures must be “clear and conspicuous,” and given “just-in-time” -- meaning when consumers are asked to consent.
The NAI says it recognizes that many of the ad-tech companies that belong to the group don't themselves interact with users. Instead, app developers typically are the ones that disclose data collection practices and seek consumers' consent.
In those situations, the guidance provides that ad-tech companies with a “direct contractual relationship” with publishers or app developers must “take steps to contractually require that website or application provide a just-in time interstitial notice or message with a level of detail that addresses the intended purposes and sharing of the data.”