The International Advertising Association just released its Privacy Principles for the Advertising Industry.  Noting that "one of the most important and pressing consumer protection issues that legislators are facing today is how to adequately protect consumer privacy," the IAA indicated that these Principles are intended to guide lawmakers when passing legislation that may impact the advertising industry.  

In connection with the release of the Principles, Sasan Saeidi, the IAA’s World President and Chairman, said: “Consumers and businesses should be subject to the same privacy rules, regardless of where they are located. As an organization that represents member companies across 56 countries, we believe striving for global harmonization of privacy laws, where possible, is a critical goal for policymakers.”

The IAA developed the principles with the best interests of consumers at the forefront.  The IAA explained, "Well-crafted legislation can provide not only the protection consumers need and deserve, but can allow for a robust advertising ecosystem that provides great benefits to both industry and consumers alike." 

The Principles are: 

• Preserve Consumer Benefits -- Advertising supports an open, free web. Legislation should balance the interests consumers have in protecting their privacy with the benefits they receive from an advertising-supported internet. 
• Transparency and Choice -- Legislation should give consumers transparency and choice regarding the use of their data. Outright prohibitions on advertising can create inflexible standards, stifle innovation, and deprive consumers of choice. 
• Global Harmonization -- With increasing globalization, legislation should focus on supporting the development of strong, clear, and consistent global standards that can be adopted around the world, instead of local standards. A patchwork of differing standards creates confusion for, and imposes unnecessary burdens on, both consumers and businesses. 
• Tailored -- Legislation should be narrowly tailored to address the specific harms that have been identified, and should be a proportionate response to those specific identified harms, taking into account the impact that new regulation will have both on consumers and the economy. Legislators should avoid overly broad regulation, which may have unintended consequences that may unduly hinder economic growth. Prohibiting tracking technologies, for example, may impact not only personalized advertising, but the measurement of all online advertising and the development of new products and services that benefit consumers. 
• Context -- Not all data, or all data uses, are the same. When considering obligations regarding the collection and use of data, legislation should clearly define the types of data covered, and should take into account all of the relevant factors, including the type and sensitivity of data, who is collecting the data, how that data will be used, and the benefits and risks of the data use. 
• Damages -- Legislation should focus on providing remedies that are related to the actual damages resulting from the misuse of data, rather than theoretical harms. A technical violation that did not result in damage to consumers should not be treated the same as a willful violation that causes significant, measurable consumer harm. 
• Self-Regulation -- Legislation should take into account longstanding and well-established self-regulatory initiatives (including self-harbor programs) and should incentivize the continued use and development of those initiatives to keep pace with technology and changing consumer expectations. 
• Technology -- Legislation should be flexible enough to allow for innovation and to accommodate rapidly changing technologies and evolving needs. 
• Non-Discrimination -- To the extent not already addressed by other applicable laws, legislation should prohibit companies from using consumer data to unlawfully discriminate against consumers.

The Principles were developed by the IAA's Public Policy Council (of which I serve as Chair) in close cooperation with IAA Board Member and VP at Large Daniel Goldberg, who is also the head of the Frankfurt Kurnit Privacy & Data Security Group.