Big Idea (in full): Businesses that prioritize transparent, consumer-friendly privacy practices based on DAA Principles signal to regulators that they care. Self-regulation and DAA program participation are essential for all organizations in the digital advertising space ¨C and, in spirit ¨C these tools support the intended goals in a good number of state privacy laws.

I¡¯ve often said that independent enforcement is one of the keystones to the Digital Advertising Alliance¡¯s long-standing success as a self-regulatory program. 

At DAA Summit 25 ADvocate, industry leaders and independent enforcers stressed that clear disclosures, effective opt-outs, and careful vendor oversight are not only necessary for a Principles-based framework for data governance but also helpful in navigating a complex and evolving patchwork of state privacy laws while maintaining consumer trust. 

In short, adherence to DAA Principles gives businesses and organizations a great head start on ensuring they adhere to state, federal and international laws, while also answering privacy-conscious consumers¡¯ ever-present questions, ¡°Why did I get this ad?¡± and for those seeking choices for their ads, ¡°What can I do about it?¡± 
In our annual Summit session dedicated to compliance with DAA Principles this year, we had the benefit of perspective from a state law enforcement official among the panelists. Public adherence to DAA Principles is an important signal to regulators that businesses care about consumer trust, said this one official on the panel.

¡°Self-regulation and membership backs up your claim that you care, before a violation happens,¡± Texas Assistant Attorney General Madeline Fogel told the Summit audience. Regulators may not always accept the reasoning, she said, but showing awareness of the broader legal landscape and a good-faith effort to balance competing requirements can go a long way in enforcement conversations. 
 

Rob Hartwell, DAA counsel and partner at Venable LLP, led a timely panel exploring privacy enforcement, vendor accountability, and best practices for maintaining consumer trust via DAA Principles in a shifting legal environment.

DAA counsel Rob Hartwell, partner, Venable LLP, moderated the panel, which also featured Senny Boone, senior vice president at the ANA Center for Ethical Marketing, Nina-Belle Mbayu, a privacy technology counsel with BBB National Programs, and Mary Engle, executive vice president for policy at BBB National Programs, as well as Assistant Attorney General Madeline Fogel for the State of Texas¡¯s Privacy & Tech Enforcement Team.

Assistant Attorney General Madeline Fogel, Privacy & Tech Enforcement Team for the State of Texas, joined the panel by Zoom to provide insight on the reasonableness standard expected of businesses using consumer data.

Both ANA and BBB National Programs serve as U.S. accountability organizations for independently enforcing the DAA Principles, and both have the power to refer non-compliant, non-responsive companies to state and federal law enforcement agencies.

ANA¡¯s Senny Boone reported recent trends in consumer inquiries, based on tracking of questions and complaints. As of the end of May, since the beginning of the year, more than one thousand inquiries related to interest-based advertising (IBA) had been logged. Notably, 55 percent of these inquiries now come from smartphones, highlighting how many users interact with AdChoices in the mobile space. Data stewardship, including adherence to DAA Principles, is a vital part of ANA¡¯s recently updated Ethics Code of Marketing Best Practices.

While self-regulation enforcement of DAA Principles continues unabated, state privacy enforcement is also picking up. Madeline Fogel explained that her enforcement team begins by focusing on areas driven by consumer complaints or services consumers actively use and enjoy. The gold standard in their investigations, Fogel emphasized, is ¡°reasonableness.¡± Describing their approach, she said, ¡°When we look at a policy, we kind of try to put ourselves in the shoes of a consumer. I'm thinking, would an average consumer be able to discern either how they're going to exercise a right or what you're doing with their data based on what you've presented here today? And that needs to be presented in a way that the average consumer would understand.¡±
 

Mary Engle walked Summit attendees through recent BBB National Programs investigations that led to improved compliance and stronger consumer protections. 

To illustrate this point, Mary Engle, executive vice president, policy, of BBB National Programs, walked the audience through a number of recent investigations and how BBB National Programs works with businesses to enable their compliance with DAA Principles. One recent case involving the NFL addressed an in-app issue where consumers had complained they were unable to opt out of targeted ads. BBB National Programs worked with the NFL to update its IBA language to provide clear instruction to consumers on their ability to opt out of targeted ads, as well as its precise geolocation consent prompt, to ensure consumer consent is obtained before the league and the team apps used precise location data for targeted ads. 

For a fuller view of how these cases and others reflect industry standards, the DAA recently published Casebook 5.0: Enforcement in Action compiling BBB National Programs and ANA enforcement cases pertinent to DAA Principles. Through these cases, brands and businesses can learn how best to implement compliance with the Principles, to bolster the value of self-regulation in action and engender consumer trust.

The panel emphasized that both self-regulation and DAA participation remain valuable as state privacy laws proliferate. Enforcers understand companies are navigating a patchwork of state laws, but they expect transparency about those choices. Adhering to DAA Principles as a starting point can well position companies when they seek to take steps to also comply with various privacy laws at the state, federal and international levels.

At the DAA Summit 25 ADvocate¡¯s opening discussion, Nina-Belle Mbayu of BBB National Programs emphasized the importance of companies working diligently with their legal and technology teams to ensure compliance with DAA Principles is met and consumer requests are respected.

Another area of considerable discussion centered on the use of cookie banners. Boone told companies worried about related compliance issues that ¡°...the best option is make sure you're working with your own legal counsel, because the cookie consent banners, although not required, there could be some hidden complexity with the state requirements, which could possibly trigger one of the state rules.¡± Further, Mbayu advocated for a close relationship with a company¡¯s technologists, saying they should regularly ¡°...test the accuracy of whether the opt outs are actually being respected in the cookie management platform.¡±

ANA¡¯s Senny Boone underscored the need for companies to manage vendor relationships with care and consistency. Doing right by consumers, she noted, increasingly focuses on behind-the-scenes data flows.

With this in mind, Hartwell noted that state enforcement actions involving ¡°...behind the scenes interaction between platforms, vendors, and how the data flows are happening. We've seen actions where companies have been asked to know their vendors, who's collecting data, what are they doing with it and what are the agreements in place to control how that's happening.¡± 

Fogel and Boone echoed that companies must track what vendors collect and where the data goes and constantly work with them to update contracts as necessary. Boone said: ¡°It¡¯s not just the contract. It¡¯s an ongoing relationship.¡± 

DAA wishes to acknowledge the editorial contributions of our summer associate Spencer Baker.