NAI Unveils New Guidance for Consumer Consent


On December 2, the Network Advertising Initiative (NAI), a self-regulatory association for data collection and digital advertising tech companies, issued new guidance that expands upon requirements in its privacy code. Changes include “the mandate to obtain consumers’ opt-in consent before collecting or using ‘sensitive’ data for ad delivery and reporting, as well as for ad targeting.”

Tech companies that have advertisements and belong to NAI can only collect sensitive data, such as precise location, if consumers are informed that their data will be used for advertising purposes. The data disclosure information to consumers must be “clear and conspicuous” by “detail[ing] the proposed uses of the data” and given “when consumers are asked to consent.” This informed consent applies to ad tech companies and their third parties, including web developers, to meet these criteria. Companies that only receive raw data for certain data types, such as “Precise Location Information, Sensor Data, Sensitive Data, and Personal Directory data” will require opt-in consent. If data received is altered, such as being segments or imprecise no opt-in consent is needed. In most cases, platform-provided consent is not sufficient to comply with these new guidelines.

“When consumers are asked by apps to approve the collection and use of their data, they deserve to know how that data is being used and who it is being shared with,” Leigh Freund, NAI President and CEO said. “This Guidance responds to consumer concerns that the level of transparency for data collection in mobile apps is insufficient. While there has been a lot of attention on consumers’ Precise Location Information, this set of requirements doesn’t stop there. Instead, it extends more broadly… These are changes that need to take place consistently across the ecosystem to enhance the level of notice and choice that consumers deserve.”

The new Code of Conduct, with its expanded opt-in consent requirements, will go into effect on January 1, 2020. The expansion is important in the wake of many data privacy issues and lawsuits.