Taking a stand on the hot-button privacy issue, the Internet Advertising Bureau this week issued
privacy guidelines by which its membership must abide.
The guidelines are fairly basic, requiring that members have a privacy
policy designed to protect consumers’ personally identifying information,
that they post it, and that they conform to it.
“In effect, we have established a baseline for IAB member companies to
ensure the protection of individual’s privacy,” said Rich LeFurgy, IAB
chairman and general partner of WaldenVC.
No provisions were laid out regarding enforcement of these guidelines.
its home page, and from any page on which it is collecting personally
That policy should outline what information is collected, how it’s
collected, how it’s being used, and what choices consumers have with regard
that information. That information, says the IAB, should never be used in
any ways not disclosed to the consumer at the time of collection.
Interestingly, the IAB also says that companies should link to the privacy
policies of third-party ad servers — an issue that has come up in regard to
the practices of ad company DoubleClick
Another provision that appears to have sprung from the DoubleClick privacy
debate: the requirement that companies disclose whether they are linking the
data they gather with third-party data. DoubleClick came under fire when it
was learned that the company planned to merge data collected by “cookies”
with data it acquired when it bought Abacus Direct.
The use of these cookies, and the logging of clickstream data, should also
be disclosed in the policy, according to the IAB.
Additionally, the IAB says that consumers must have an opportunity to
opt-out, companies must take steps to ensure the security of the personally
identifiable data, and companies doing business in Europe need to abide by
Department of Commerce International Safe Harbor Principles.
The IAB guidelines can be found here.