DAA Offers California Office of Attorney General Insights on DAA’s YourAdChoices Program and How Consumers Can Have Robust Privacy While Still Enjoying Ad-Financed Content

February 14, 2019

DAA offers three suggestions on ways to fashion implementation of CCPA in the state to protect digital advertising without compromising consumer privacy.

This week, the Digital Advertising Alliance had the opportunity to provide comments at a California public rulemaking workshop on privacy policy making – as the state’s Office of Attorney General promulgates regulation concerning the California Consumer Privacy Act (CaCPA or CCPA), which is set to take effect on January 1, 2020.


Photo of DAA Exec Director Lou Mastria Providing Public Statement at CaCPA Rulemaking Hearing


The February 13 hearing in Fresno gave the opportunity for DAA to provide an oral and written statement, sharing lessons learned from our self-regulation program that has been in market for almost a decade. We articulated how the YourAdChoices Icon serves as a transparency notice for consumers – globally more than one trillion times each month – and how control is afforded to the consumer by way of icon-connected notices in ads, privacy policies, footers and apps which carry interest-based advertising. Consumers increasingly understand what the icon represents – and, most importantly, value the content that such advertising finances. But more importantly, how private-sector tools such as YourAdChoices could work alongside public-sector initiatives such as CaCPA, much as CalOPPA [California Online Privacy Protection Act] allows the use of industry tools such as WebChoices and AppChoices for consumer control of data collection and use.


Our statement follows:


“Good morning.  I am Lou Mastria, executive director of the Digital Advertising Alliance, which operates the YourAdChoices consumer privacy program. Over the last ten years, the DAA has provided millions of people with information and choice around interest-based advertising.  The DAA strongly supports the CCPA’s goals of providing Californians with better transparency and control over data.  We would like to suggest a number of potential improvements, so the law can better achieve those goals.


“For background, the DAA was established in 2008 as a self-regulatory body and provider of tools for consumer choice around interest-based advertising. We established privacy guidelines for data collection, use, and transfer for such advertising, and we achieved unprecedented and broad industry adoption of those standards. We’ve also kept pace with the rapid changes in the online industry, updating our guidelines five times to account for changing technology, industry practice, and consumer preferences.


“To ensure compliance, the DAA program is monitored and enforced across the industry by two independent organizations, including the Council of Better Business Bureaus, which together have brought more than 95 public enforcement actions, including referrals to regulatory agencies when needed. Little wonder that the DAA’s program has been called “self-regulation with teeth” by the former head of the Federal Trade Commission.


“The most recognizable part of the DAA program, however, has been the YourAdChoices Icon, the small blue triangle that appears in or near digital ads, on websites, and in apps. By clicking on the Icon, consumers can get information and control right from the ad they are viewing. They can access the data collection and use practices of the companies involved, as well as an easy-to-use tool to opt out of further data collection, use, and transfer of data for such advertising.


“The YourAdChoices Icon is displayed a trillion times per month globally, helping drive broad consumer awareness of the program. In a 2016 DAA study, three in five consumers (61 percent) said they recognized the Icon and understood what it represents. Beyond the icon, the DAA’s various digital properties also have reached 80 million consumers.


“Beyond the features of the DAA program, we believe the process by which it operates has set an important model for how stakeholders from government and industry can come together to create practical privacy solutions. We believe in collaboration and we think that policy outcomes are improved by dialogue and engagement, so we commend the Attorney General’s office for conducting these hearings.


“In 2013, a similar process unfolded during the legislature’s update to the California Online Privacy Protection Act, also known as CalOPPA. After engaging with a broad range of stakeholders, the legislature decided to recognize additional mechanisms to effectuate consumers control over Personal Information collected across different sites or online services.  This approach provided business with flexibility in implementing the privacy requirements while ensuring consumer protections are not compromised. Since then, businesses have leveraged DAA’s choice platforms to provide this control to consumers.  We ask the AG to permit consumers to continue to use these universal, centralized tools - used by millions of consumers - to easily and simply express their privacy preferences.


“As the Attorney General’s office considers the implementation process for CCPA, we want to share some of our learnings from the people who would be affected by the law. While people want additional privacy protections, research also shows that consumers see the current system as a fair exchange of value, and they don’t want to undermine the economic framework that powers their online experience.


“A DAA study found that consumers assign a value of nearly $1,200 per year to the free ad-supported services and content available to them on computers and mobile devices. The overwhelming majority (85 percent) said they would prefer to finance those services via advertising through the current model than pay out of pocket for them, while three quarters (75 percent) said that they would greatly decrease their engagement with the Internet if a different model were to take its place.


“Based on those consumer expectations and the DAA’s long experience in managing similar efforts, we would offer three broad suggestions to inform your work:

  1. Different types of data demand different levels of privacy protection

Consumers do not consider all of their data to be equally sensitive, nor should the law. The DAA’s guidelines are based on a commonsense approach to privacy permissions that provides higher protections and greater control for more sensitive data. Data that consumers consider less sensitive is covered by an opt-out approach, while consumers must opt-in to the use of more sensitive data, like precise location data. At the highest level, strict prohibitions apply to the use of data for certain types of eligibility purposes, including employment, health care, or insurance. We would encourage you to consider a similar tiered approach to data in your implementation of CCPA.

  1. Pseudonymous data offers stronger privacy protections than identified data

Psuedonymous data - such as broad interest and demographic categories used for advertising - are privacy protective, as administrative and technical controls help ensure it is not connected to identifiable, individual consumers. We believe businesses should be allowed to maintain the systems that separate that psuedonymous data from other personal information they have on their customers, not compelled to make this data identifiable and connected to individual accounts. Requiring businesses to connect that depersonalized pseudonymous data would reduce privacy for their customers.

  1. Build on the models that work and tools that consumers already use

The YourAdChoices Icon offers a ubiquitous, popular, and real-time way for consumers to access information about data collection and use, as well as a pathway to consumer control over that data. We humbly suggest that tools such as this, which include independent and effective enforcement, continue to be supported through CCPA just as our choice tools were in CalOPPA.  For instance, rules implementing the CCPA could recognize mechanisms like the DAA choice tools as means to provide an opt out to the sale of pseudonymized data without requiring businesses to personalize such data in order to effectuate rights under the CCPA.


“In summary, the DAA strongly supports the goals of the California Consumer Privacy Act, and we believe that our experience offers some valuable insights into the implementation process, so the Attorney General can ensure the law lives up to its promise, rather than creating a host of unintended consequences that reduce privacy and create additional risks for California residents.


“Thank you for your time and consideration.”


We are grateful to support our industry’s government affairs efforts – and to continue to serve as an exemplary self-regulation model for advertisers that is innovative, responsible, reasonable and right.

Back to Top