WPF Resource Page: Behavioral Advertising and Privacy

About Behaviorally targeted advertising, World Privacy Forum testimony, comments and resources


What is “behaviorally targeted advertising”?

Not all online advertising is inherently bad. In its generic forms, WPF views online advertising issues as generally lower on the privacy score card than for example, data broker privacy intrusions. The World Privacy Forum has no complaint about legitimate advertising; our complaint is with intrusive and difficult- to-detect (or nearly impossible to detect) profiling of consumers that is part of certain kinds of advertising practices. For example, an area of consumer profiling done at the Internet Service Provider -level (called Deep Packet Inspection) is quite problematic, and has in the past been launched without sufficient transparency or consumer rights. This would be an example of problematic profiling.

In the online advertising space, behaviorally targeted advertising is another area of potential privacy interest. This particular topic has received an extraordinary amount of attention in the privacy world. Some of the attention is warranted, some of it is not. If you view privacy as a continuum, online advertising or the ads you see can have some issues, but the real importance is related to the back-end profiles of consumers and how those are used. In some cases, those profiles are pretty generic and are not used for anything beyond display ads, and they may not be used for very long. In other cases, there can be some privacy abuses if the profiles are detailed, tied to an individual, and used in combination with other offline information, and especially if sold to a third party in identifiable form.

Behavioral advertising has two key components: tracking and targeting.

  • Behavioral tracking is the practice of collecting and compiling a record of individual consumers’ activities, interests, preferences, and/or communications over time.
  • Behavioral Targeting is when behavioral tracking is used as a basis to serve advertisements and/or otherwise market goods or services to a consumer based on his or her behavioral record.

There are some recognized privacy issues with behavioral tracking and targeting, and there can also be fairness issues. Because of this, much public policy has been fashioned around behaviorally targeted advertising, and also privacy-enhancing tools and technologies now exist to assist consumers in managing these kinds of ads. This page serves as a starting page for some of our online ad-related work. By and large, in this space WPF is most famous for its NAI report of 2007, and for creating the first iteration of Do Not Track and proposing it to the FTC.

We maintain some popular consumer tipsheets about online privacy, you can find those here:


World Privacy Forum Reports and Information about Behavioral Advertising

The World Privacy Forum has been active in the behavioral advertising debate, most particularly on the privacy aspects of some practices. Here is a collection of our reports, testimony, comments, and resources on this issue.


REPORT: The NAI: Failing at Consumer Protection and at Self-Regulation

Released November 2007

This World Privacy Forum Report documents in detail the history and failures of the first FTC/industry self-regulation effort, the Network Advertising Initiative or NAI.

Download the comments (PDF)

Read the Report


PUBLIC COMMENTS: Online Behavioral Advertising: Moving the Discussion Forward

Filed with the Federal Trade Commission April 2008

World Privacy Forum comments to the FTC regarding its proposed online advertising principles from December 2007. WPF urged the FTC to think beyond a voluntary regime led by industry and to provide meaningful transparency, choice, and privacy for consumers in light of the of the demonstrated problems with behaviorally targeted advertising. The WPF also urged the FTC to define “sensitive information,” especially in light of the large amount of medical information going online. The WPF took a position that advertising should never be targeted based on genetic information.

Download the WPF comments to the FTC (PDF)

Read the WPF comments to the FTC


FTC TESTIMONY: Privacy and Online Advertising: Self-regulation’s track record in the sector

FTC workshop, November 2007

World Privacy Forum Testimony on the failure of the FTC’s first self-regulatory plan, the Network Advertising Initiative.

Link to the FTC testimony


DO NOT TRACK CONSENSUS DOCUMENT: Consumer Rights and Protections in the Behavioral Advertising Sector

Released October 2007

Joint Comments to the FTC: this is a consensus document originating from a two-day meeting the World Privacy Forum held in October of 2007.

Download the consensus document

Read the consensus document



(Updated regularly)

The online advertising self-regulatory plan operates by a little-known method called the “opt-out cookie.” This World Privacy Forum resource links to the opt-out cookies and explains more about how it all works.

Cookie Opt Out Page


Behavioral Advertising Timeline

It is useful to see how behaviorally targeted advertising is developing over time. This mini timeline traces the key developments in this issue and helps give a quick mapping of events.

  • Fall 2013: Do Not Track falls apart at the W3C. California Governor Jerry Brown signs DNT legislation into law.
  • Cookie Clearinghouse effort launches.
  • Summer 2013: NTIA comes to a conclusion regarding its mobile app short form notice, which has some relevance to online advertising.
  • Spring 2013: The NAI releases a new code of conduct, greatly improved, and boasts almost 100 members. The new NAI code includes — for the first time — a broader definition of health information, and the inclusion of sexual preference as a sensitive data category. It also releases its fourth compliance report under Marc Groman. It also releases a mobile app code in July.
  • 2012: The NAI issues its third compliance report, this report is published under Marc Groman.
  • Feb. 2012: Major companies and trade associations pledge at the White House to implement Do Not Track.
  • Spring 2011: lawmakers begin proposing bills on behavioral advertising online, among other online privacy issues.
  • Feb. 2011: Mozilla releases a Do Not Track beta version of its Firefox browser.
  • 2010: DAA releases its ad icon.
  • December 2010: FTC releases its staff report on privacy, the report includes a discussion of commercial data brokers and expressly endorses Do Not Track.
  • December 2009 – March 2010: FTC holds its Exploring Privacy Roundtable hearings
  • February 12, 2009: FTC releases its second version of self-regulation (voluntary rules for companies) in behavioral advertising.
  • October 2007: WPF convenes a meeting of privacy and civil liberty groups at UC Berkeley. The privacy groups meet for two days and create a consensus document regarding behavioral advertising. The document is submitted to the FTC by 11 signatories. The document includes definitions of terms, and a Do Not Track proposal.
  • November 2006: CDD and US PIRG file an FTC complaint regarding online advertising. This complaint was the impetus behind the Nov. 2007 FTC Town hall meeting.
  • November 2003: The NAI has only 2 members.
  • November 2002: the NAI has only 2 members.
  • July 2000: FTC issues the second part of its report on privacy issues with online advertising, and accepts and votes on the NAI industry proposal to create voluntary standards for privacy.
  • November 1999: First FTC workshop on online advertising.
  • Spring 1999: FTC invites companies to discuss self-regulation.