This week, the Digital Advertising Alliance (the “DAA”) unveiled new “Self-Regulatory Principles for Multi-Site Data” (the “Principles”), aimed at expanding the scope of industry self-regulation with respect to online data collection. The Principles are designed to supplement the Self-Regulatory Principles for Online Behavioral Advertising which were issued in July 2009. The DAA is composed of several constituent industry groups such as the American Association of Advertising Agencies, Council of Better Business Bureaus, the Direct Marketing Association and the Interactive Advertising Bureau.
[…]
Notably, the Principles prohibit third parties or service providers from collecting, using or transferring any Multi-Site Data in order to determine an individual’s eligibility for employment, credit, health care treatment or insurance. The Principles also require entities to (1) treat personal information in accordance with the Children’s Online Privacy Protection Act, and (2) obtain opt-in consent to collect and use Multi-Site Data that contains health or financial information (with an exception for operational or systems management purposes).
Read more on Hunton & Williams Privacy and Information Security Law Blog then scoot over to CIS to read Jonathan Mayer’s, “A Brief Overview of the Supplementary DAA Principles.”