The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Leave a comment

In Step Towards Broader Self-Regulation, Facebook to Allow AdChoices Icon in Ads

Facebook has closed a major gap in the industry compliance puzzle by announcing that it will now adhere to a widespread notice-and-choice program for its advertising platform. The site will be adopting the Digital Advertising Alliance’s AdChoices program, meaning it will place the program’s blue-triangled icons onto ads served by its FBX ad exchange.  The move will provide more transparency and an opt-out function to ads on the world’s most popular social networking site.

Transparency and uniformity in behaviorally targeted ads are what the Digital Advertising Alliance had in mind with its self-regulatory program.  The program is intended in part to prove to the government that the advertising industry can be proactive about sharing the consumer information that online advertisers store and use to target ads, and allow them to opt out on their own. Users can click on the “AdChoices” icon and its ubiquitous blue triangle, which takes users directly to the ad partner’s site, where they can see what information is being used to target ads and opt out.

The AdChoices program has two main advantages: broad-based industry usage and consistency from ad to ad and site to site.  However, one industry publication described Facebook’s choice to go its own way as a “gaping hole” in the voluntary industry program. Facebook is the #2 most trafficked site on the web, and the No. 1 publisher of display ads in the U.S. Due to the data is possesses about its users, it has a unique ability to behaviorally target ads. Prior to adoption, Facebook’s interface took more steps than the DAA’s to get more information and an opt-out button, including several clicks before being referred to the ad server’s site.

It should be noted that the AdChoices icon will not be displayed universally or in the fashion seen on other sites. The option will only appear on behaviorally based ads served through Facebook’s FBX platform.  Clicking the “x” on other ads will lead to Facebook’s own information and opt-out screens. FBX partners who participate in the AdChoices program will be able to display the icon- but it will only show up once a user’s cursor hovers over the ad.

This announcement has several potential impacts for Facebook and voluntary industry privacy programs. Facebook’s adoption of the icon and program should increase the visibility of the icon and the program- even if it not displayed as prominently on Facebook ads.  It will also subject Facebook to increased accountability, in the form of compliance reviews and complaint resolution procedures by the Council of Better Business Bureaus and the Direct Marketing Association, which oversee the program. Finally, it should provide increased legitimacy to industry privacy programs by bringing one of the whales of online advertising in tune with the FTC’s privacy framework.  In its final privacy report, the FTC mentioned the DAA’s program as a creative and practical consumer choice mechanism and part of significant industry progress towards its goal of a Do-Not-Track mechanism.


Leave a comment

7th Circuit: Parking Ticket Practice Violates Privacy Law

Many drivers know the futility of trying to fight a parking ticket, but one Illinois driver came up with an attack against his that has ended up with the Seventh Circuit Court of Appeals, sitting en banc, backing him up in an opinion released this past Monday. At 1:35 a.m. on August 20, 2010, a Palatine, Illinois, police officer ticketed Jason Senne’s illegally parked car and placed the ticket on the car windshield. Mr. Senne retrieved the ticket about five hours later and, not willing to pay the $20 fine and move on, fought back by filing suit against Palatine for violation of the Driver’s Privacy Protection Act, 18 U.S.C. §§2721-25 (“DPPA”).

DPPA, which was enacted after a stalker obtained the home address of actress Rebecca Schaeffer from the California DMV and then used the information to find and kill her, places strict limits on how and why personal information contained in state DMV records can be released. It restricts not only disclosure by DMV employees, but also disclosure by those who lawfully obtain information from the DMV (in the Schaeffer matter, the stalker had hired a private investigator to obtain the information).

It turns out that in Palatine, when a police officer writes a parking ticket, information about the car’s owner is downloaded from the DMV and then printed on the parking ticket itself. This information includes the owner’s full name, address, driver’s license number, date of birth, sex, height, and weight. The parking ticket is then placed on the windshield of the car. Mr. Senne contended that placing the ticket on the windshield, in public view, constituted a disclosure of that private information in violation of DPPA and filed suit in Federal District Court. Palatine moved to dismiss the suit for failure to state a claim. It contended that the parking ticket was not a disclosure and that, even if it was, it was permitted under a specific exception in DPPA. The District Court agreed with Palatine and dismissed the case, a decision that was affirmed on appeal. The Seventh Circuit Court then agreed to rehear the case en banc and, in a decision issued this past Monday, reversed the District Court.

Palatine argued that placing the ticket on the windshield did not constitute a disclosure because Mr. Senne had failed to allege that anyone other than himself had actually seen it. The Court, in rejecting Palatine’s argument, stated that the effect of placing the ticket on the windshield made the information available to any passer-by. The Court ruled that whether or not anyone else saw it is irrelevant, the act of placing it on the windshield is itself a publication that is prohibited by DPPA. The Court’s opinion is available here.