Controlling Web Bugs—Online Advertisers Help Shape Guidelines

In an attempt to self-regulate online consumer privacy while conducting online transactions, the Network Advertising Initiative (NAI), which comprises some of the Internet's leading advertising and ad technology companies, has finalized the creation of the new Web beacon guidelines as a critical step in balancing the privacy of consumers with the needs of businesses.

One key concern to the NAI is regulating the use of Web beacons, also known as "Web bugs." The NAI's guidelines require businesses to disclose how and why they are using Web beacons on their Web sites. In addition, TRUSTe, a nonprofit organization that runs a global privacy certification and seal program, as a recommended best practice for its 1,500 members, will also use the guidelines. It's the NAI contention that, since online privacy issues are cumbersome and confusing, there needs to be a set of fundamental guidelines in place and these guidelines need to be established by industry insiders, rather than being government-mandated.

"Our organization has emerged as an important resource for legislators and regulators in the U.S. and Europe on issues of privacy and technology, and we feel that we can best assemble a self-regulatory program, such as the Web beacon guidelines," said Trevor Hughes, executive director of the Network Advertising Initiative.

Web beacons, or Web bugs, are single-pixel GIF image tags in HTML documents used to track Web users. The bugs, which are invisible to site visitors, allow the page owner to measure user activity based on image server logs. Basically, businesses use Web bugs as an alternative to Web server logs to measure and improve the performance of their online marketing campaigns and to analyze anonymous visitor behavior on large, complex Web sites. However, under NIA guidelines, if a bug can be tied to personal data, such as via a cookie or an email address—and this data will be disclosed to third parties—then there needs to be an opt-out for the user, but only when the disclosure is for purposes "unrelated" to the reason the data was collected.

WebSideStory pioneered the use of Web bugs for real-time marketing performance optimization in 1996 with the development of HitBox services, and is one of several companies that were instrumental in developing the guidelines.

"With the implementation of these guidelines, our industry not only allows businesses to gain critical marketing insight on their Web sites, but has also taken a major step in seriously protecting the privacy of the online customer," said Jay McCarthy, chief privacy officer and vice president of product strategy for WebSideStory.

Other companies included in the development of the guidelines include IBM, Microsoft, the U.S. Postal Service, DoubleClick,, 24/7 RealMedia, Coremetrics, KeyLime Software, and Guardent.