A new research report from CMU’s CyLab:
Online behavioral advertisers track users across websites, often without users’ knowledge. Over the last twelve years, the online behavioral advertising industry has responded to the resulting privacy concerns and pressure from the FTC by creating private self-regulatory bodies. These include the Network Advertising Initiative (NAI) and an umbrella organization known as the Digital Advertising Alliance (DAA). In this paper, we enumerate the notice and choice requirements the DAA and NAI place on their members and check for compliance with those requirements by examining members’ privacy policies and reviewing ads on the top 100 websites. We also test DAA and NAI opt-out mechanisms and categorize how their members define opting out. Our results show that most members are in compliance with some of the notice and choice requirements, but there are numerous instances of non-compliance. Most examples of non-compliance are related to the “enhanced notice” requirement, which requires advertisers to mark behavioral ads with a link to further information and a means of opting out.
Read the full report by Saranga Komanduri, Richard Shay, Greg Norcie, and Lorrie Faith Cranor on CyLab (pdf).