Background

Marketers and third parties (defined below) must have regard to privacy and data protection laws. Specifically, they must take note of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 and the Data Protection Act 1998. Guidance on how to comply with privacy and data protection legislation is frequently issued and updated by the Information Commissioner's Office (ICO). The rules set out below are not designed to provide compliance with the law and companies should seek their own legal advice when working to comply with privacy and data protection legislation.


The rules in this section aim to secure transparency and control for consumers in the use by any third party of Online Behavioural Advertising (OBA) (defined below). The rules require a third party to provide notice to web users in or around an online display advertisement if they are undertaking OBA. The notice should link to a relevant mechanism whereby a web user can opt out of the collection and use of web viewing behaviour data for OBA purposes by that third party or that third party and other parties. These rules are integral to a pan-European initiative - the European Advertising Standards Alliance (EASA) Best Practice Recommendation and an EU industry Framework. Further information can be found here:


self-regulation-framework.aspx

Definitions

"OBA" means: the collection by a third party over a period of time of web viewing behaviour data from a particular computer which takes place across multiple web domains not under common control, and which is used by the third party to deliver advertising to that particular computer based on the preferences or interests inferred from the data by the third party's technology. (These preferences or interests are often categorised into "interest segments" which are then used to target multiple web users with a specific preference or interest.)


The definition above encompasses behavioural re-targeting whereby display advertisements may be served to consumers who have shown a previous interest in a product but may not have made a purchase.


A "third party" is an organisation that engages in OBA (i.e. collects and uses web viewing behaviour data for the purposes of OBA) via websites other than those that it or an entity with which it is under common control owns or operates.


The rules in this section do not apply to: contextual advertising; web analytics; ad reporting or ad delivery; the collection and use of information for behavioural advertising by web site operators on their own website(s) or the use of OBA in rich media, in-stream videos online or on mobile devices.

Rules

31.1

To ensure that consumers are made aware of, and can exercise choice over, the collection and use of information for the purposes of OBA, third parties must:

31.1.1

give a clear and comprehensive notice about the collection and use of web viewing behaviour data for the purposes of OBA on their own website, including how a web user can opt out from having web viewing behaviour data collected and used for this purpose. The notice should also link to a relevant mechanism that allows the consumer to opt out of the collection and use of web viewing behaviour data for OBA purposes by that third party or that third party and other third parties

31.1.2

give a clear and comprehensive notice that they are collecting and using web viewing behaviour data for the purposes of OBA, either in or around the display advertisement delivered using OBA. The notice should link to a relevant mechanism whereby a web user can opt out of the collection and use of web viewing behaviour data for OBA purposes by that third party or that third party and other third parties

31.1.3

not create interest segments specifically designed for the purpose of targeting OBA to children aged 12 or under.

31.2

Third parties that use technology to collect and use information about all or substantially all websites that are visited by web users on a particular computer in order to deliver OBA to that computer must obtain explicit consent from web users before doing so.