Report on the FTC Cross-Device Tracking Workshop

NAI was honored to represent our members and serve as an industry voice at the recent Federal Trade Commission (FTC) Cross-Device Tracking Workshop held on November 16 in Washington, DC. As described by the FTC, the workshop was organized to “examine the practice of collecting data through [multiple] devices and the potential wide-ranging effects on consumer privacy.”

NAI has been working with our member companies as the digital landscape has evolved toward a multi-device, multi-platform environment. We are closely examining our members’ products and offerings, and the privacy and technology challenges presented by this technology. At the same time, we have been working to educate policymakers in Washington, including the FTC, on cross-device linking technology, and our members’ efforts to create new technology-enhanced advertising products in a privacy-friendly way.

I participated on the Policy Perspectives on Cross-Device Tracking panel and Jurgen J. Van Staden, NAI’s Director of Policy, participated on a panel entitled, A Technological Perspective on Cross-Device Tracking. The workshop included a lively discussion and debate among panelists on a variety of issues. Here are Jurgen and my views on the event:

• As I said at the event, cross-device linking, and the online behavioral advertising it enables, is not evil. Our members are not deploying it with ill intent. Online advertising fuels an innovative, $150 billion industry that supports the Internet economy, and enables millions of consumers to enjoy and utilize free content, commerce, and tools.
• Cross-device linking is not a new form of online advertising; it’s a technical evolution within digital advertising itself, and it enables a seamless, consistent experience across a consumer’s many different devices. NAI members provide a vital service to the internet economy by acting as the pipes through which advertisers are able to reach the right consumers at the right time – and publishers are able to monetize their sites – thereby enabling the continuity of the free Internet we all enjoy today.
• All parties in the internet ecosystem have the obligation to be transparent about their data collection and use, for all purposes including advertising, and to educate consumers to ensure that they understand how their data is being used.
• The use of securitized data, through technologies such as hashing and salting, allows companies to reap the benefits of the data without sacrificing strong privacy protections, particularly when backed with additional controls such as contractual provisions, data minimization and retention restrictions, and self-regulatory restrictions against re-identification.
• NAI members are subject to these additional controls. They are required to implement reasonable security controls for any and all data that is transferred and processed for cross-device linking purposes. In addition, NAI members employ data minimization and data retention restrictions to minimize the amount of data used and processed for cross-device linking. Further, NAI members commit to maintain non- Personally Identifiable Information (PII) as non-PII, and must pass on such restrictions to companies with whom they work to prevent the downstream re-identification of data.

NAI members engage in responsible practices, and provide these (and other) additional controls, all within a framework of the NAI Code of Conduct.

Stay tuned to our blog for updates as we continue to work with our members on this important issue.