TrustArc Blog

DAAC New Guidance on Enhanced Notice

November 09, 2015

online privacy

The Digital Advertising Alliance of Canada (DAAC) recently published new guidelines on enhanced notice. To explain these changes, the DAAC held a series of webinars on guidelines, implementation and enforcement.

In the announcements, the DAAC listed the expectations of the Office of the Privacy Commissioner (OPC):

“• Individuals must be made aware in a manner that is clear, understandable and obvious; not buried in a privacy policy

  • Organizations should be transparent; communicate to users
  • Individuals should be informed of these purposes at or before collection; provided with info about all parties involved
  • Individuals are easily able to opt-out
  • The opt out is immediate and persistent
  • The information is limited to non-sensitive information
  • Information is destroyed as soon as possible or effectively de-identified”

The OPC constantly monitors the market and recently conducted a study to see how the industry was adopting the guidelines. The findings were positive — 96% of OBA ads targeted had notice on them.

The DAAC Program is based on six key principles that are consistent with Canadian Privacy laws (PIPEDA) and the OPC OBA Guidelines.

  1. Education.

– Companies should direct users to the DAAC program’s website or provide information about OBA. The DAAC showcased Yahoo’s page as an example of an “easy to read” education page. Here is a sample of TRUSTe’s Preference Manager Page below. The DAAC also runs its own education campaign about the program.

PreferenceManager

  1. Transparency.

– Canadian guidelines allow the icon “in or around” OBA ads and the site notice must be “above the fold” of the website or as high on the page as possible. DAAC licensed the AdChoices icon from the Digital Advertising Alliance (DAA) since it has a high level of consumer recognition.

– An easy-to-use opt-out is only one or two clicks away. In addition, ads should avoid using the icon where it may overlap with logos, text, or replay buttons.

– The DAAC also discussed icon collision, and prescribes that the last party to touch data must be the one to serve the icon.

– The DAAC notes that if first parties rely on third party notices, first parties should check that all third parties are members of the Canadian Ad Choices program for full coverage. There is an industry trend that some first parties are putting this requirement in contracts with third parties.

  1. Consumer Control.

– Consumers need access to a mechanism to opt-out of interest-based advertising. Consumers can do this on either the DAAC website or install the DAAC’s browser plug-in.

– The DAAC has their own website and a browser plug-in called “Protect My Choices” for consumers to opt-out.

  1. Data Security.

– Companies need to take measures to protect data from loss, misuse and unauthorized access, and retain data only for as long as necessary to fulfill a legitimate business need. Administrative, technical and physical safeguards should be appropriate to the sensitivity of the information involved.

  1. Sensitive Personal Information (SPI).

– The use of SPI for OBA requires consent, and consent needs to be obtained in accordance with Canadian privacy regulations. Examples of sensitive data may include financial information (e.g. credit score), criminal record, health information, sex life/orientation.

  1. Accountability.

– The Advertising Standards Canada (ASC) is Canada’s advertising industry self-regulatory body. The ASC administers the accountability component of the DAAC’s Ad Choices program. In 2015, the ASC reviewed first & third party participants and 60+ consumer complaints. The ASC plans to start active enforcement of the program this month and release their first report at the end 2015.

In order to effectively deploy the DAAC program, or any OBA compliance program it is recommended companies form a team consisting of people from legal, marketing, media communications, and IT depending on the company’s business model. The team will need to work together to learn the requirements of the program, and then select an approved vendor to work with to implement the notice and choice on in-ad and/or website. TRUSTe is one of the DAAC approved providers of serving the OBA icon in-ad and on site.

What’s next? The DAAC explained that they are currently working developing creative guidelines for using the AdChoices icon on mobile websites and apps. As part of expanding the use of the icon in mobile, an opt-out app and a mobile web optimized opt-out page are also in the works. The timing of this release is late 2015 or early 2016.

Read more about the DAAC’s guidelines changes here. Have questions? Contact TRUSTe at 1-888-878-7830 or fill out our contact form here.

Subscribe to Blog