|Title:||AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements (Revised October 7, 2011)|
|Authors:||Saranga Komanduri, Richard Shay, Greg Norcie, Blase Ur, Lorrie Faith Cranor|
|Publication Date:||March 30, 2011|
Online behavioral advertisers track users across websites, often without users' knowledge. Over the last twelve years, the online behavioral advertising industry has responded to the resulting privacy concerns and pressure from the FTC by creating private self-regulatory bodies. These include the Network Advertising Initiative (NAI) and an umbrella organization known as the Digital Advertising Alliance (DAA). In this paper, we enumerate the DAA and NAI notice and choice requirements and check for compliance with those requirements by examining NAI members' privacy policies and reviewing ads on the top 100 websites. We also test DAA and NAI opt-out mechanisms and categorize how their members define opting out. Our results show that most members are in compliance with some of the notice and choice requirements, but two years after the DAA published its Self-Regulatory Principles, there are still numerous instances of non-compliance. Most examples of non-compliance are related to the "enhanced notice" requirement, which requires advertisers to mark behavioral ads with a link to further information and a means of opting out. Revised October 7, 2011.
Full Report: CMU-CyLab-11-005