- Adopted a 12 month maximum retention period for user data (nice work!).
- Added a very interesting disclosure about the use of browser caching to store user IDs (more in this in a future post).
I can only speculate that these changes are related to the successful completion of Specific Media’s compliance review. The fact that we don’t really know is instructive — and disappointing — for the self-regulatory effort. The NAI should have been more clear about the nature of Specific Media’s issue, and should have published an update that clarifies the issue in detail and how it was remedied. If no issue was found, that should be clear as well.
Let’s face it: One reason self-regulation is failing to win more supporters is that many view it as an unnatural act for an organization of companies to police the behavior of its own members. Compliance failures will happen, and when they do they need to be visible and the oversight response needs to be completely transparent. Nothing would inspire more confidence in self-regulation than really putting a company in the doghouse from time to time — in a way that advertisers, partners and consumers can’t miss.