Where a digital marketing communication is individually addressed to a consumer, the subject descriptor and context should make this clear. Subject descriptors should not be misleading and the commercial nature of the communication should not be concealed.

The commercial nature of product endorsements or reviews created by marketers should be cleary indicated and not be listed as being from an individual consumer or independent body.

Marketers should take appropriate steps to ensure that the commercial nature of the content of a social network site under the control or influence of a marketer is clearly indicated and that the rules and standards of acceptable commercial behavior in these networks are respected.

Software or other technical devices should not be used to conceal or obscure any material factor, e.g. price and other sales conditions, likely to influence consumers’ decisions.

Consumers should always be informed beforehand of the steps leading to the placing of an order, a purchase, the concluding of a contract or any other commitment.
If consumers are required to provide data for this purpose, they should be given an adequate opportunity to check the accuracy of their input before making any commitment.

Where appropriate, the marketer should respond by accepting or rejecting the consumer's order.

The terms and conditions of particular digital interactive media which may have rules and standards of acceptable commercial behaviour, e.g. news groups, forums, blogs or bulletin boards and general server software for web page content editing (wiki sites), should be respected.
Marketing communications posted to such public meeting places are appropriate only when the forum or site has implicitly or explicitly indicated its willingness to receive such communications.

Individually addressed unsolicited marketing communication via digital interactive media should i) only be conducted where there are reasonable grounds to believe that the consumer who receives such communications has an interest in the subject matter or offer, and ii) include a clear and transparent mechanism enabling the consumer to express the wish not to receive future solicitations.

In addition to respecting the consumer’s preferences, expressed either directly to the sender or through participation in a preference service programme, care should be taken to ensure that neither the digital marketing communication itself, nor any application used to enable consumers to open other marketing or advertising messages, interferes with the consumer’s normal usage of digital interactive media.

• Parents and/or guardians should be encouraged to participate in and/or supervise their children’s interactive activities;
• Identifiable personal information about individuals known to be children should only be disclosed to third parties after obtaining consent from a parent or legal guardian where disclosure is authorised by law. Third parties do not include agents or others who provide support for operational purposes of the website and who do not use or disclose a child’s personal information for any other purpose;
• Websites devoted to products or services that are subject to age restrictions such as alcoholic beverages, gambling and tobacco products should undertake measures to restrict access to such websites by minors;
• Digital marketing communications directed at children in a particular age group should be appropriate and suitable for such children.

Given the global reach of electronic networks, and the variety and diversity of possible recipients, marketers should ensure that their digital marketing communications are consistent with the principles of social responsibility contained in the General Provisions.

Scope
The following applies to OBA focusing on web viewing behaviour over time and across multiple web domains as practiced by third parties in order to create interest segments (a collection of users that share one or more attributes based on prior and current online browsing activity) or to associate such viewing behaviour against interest segments for the purposes of delivering advertisements to and by that web user’s interests and preferences.

These provisions do not apply to advertising focused on web viewing behaviour for a particular website or affiliated websites as practiced by a website operator or first party (or those entities acting on behalf of a website operator or first party).
For example, the provisions do not apply to the data collection and use practices for an online magazine or retail site when the data is solely for these sites’ or their affiliates’ own purposes.

These provisions are intended to apply to all individuals and entities engaged in such activities online.

Definition of terms specific to OBA provisions:

• the term “online behavioural advertising” or “OBA” refers to the practice of collecting information over time on users’ online actions on a particular device across different unaffiliated websites in order to create interest segments or to allocate such viewing behaviour against interest segments for the purposes of delivering advertisements to and by that web user’s interests and preferences. OBA does not include the activities of website operators, quantitative ad delivery or quantitative ad reporting, or contextual advertising (e.g. advertising based on the content of the web page being visited, a consumer’s current visit to a web page, or a search query).

• In the context of OBA, the term “third party” refers to an entity that engages in OBA on a non-affiliated website.  This is in contrast to a "website operator” or “first party” which is the owner, controller or operator of the website, including affiliated sites, with which the web user interacts.

• the term “explicit consent” means an individual’s freely given specific and informed explicit action in response to a clear and conspicuous notice regarding the collection and use of data for online behavioural advertising purposes.

Application of notice and choice provisions
Any third party participating in OBA should adhere to principles of notice and user control as set out below.
Transparency of data information collection and use, and the ability for users and consumers to choose whether to share their data for OBA purposes is vital.
The following guidance provides further clarification for how these principles apply to OBA.

D7.1 Notice
Third parties and website operators should give clear and conspicuous notice on their websites describing their OBA data collection and use practices.
Such notice should include clear descriptions of the type of data and purpose for which it is being collected and an easy to use mechanism for exercising choice with regard to the collection and use of the data for OBA purposes.

Notice should be provided through deployment of one or multiple mechanisms for clearly disclosing and informing Internet users about data collection and use practices.

D7.2 User control
Third parties should make available a mechanism for web users to exercise their choice with respect to the collection and use of data for OBA purposes and the transfer of such data to third parties for OBA.
Such choice should be available via a link from the notice mechanisms described here.

Those collecting and using data via specific technologies or practices that are intended to harvest data from all or substantially all websites traversed by a particular computer or device across multiple web domains, and use such data for OBA, should obtain a user’s explicit consent.
Web users should be provided with an easy to use mechanism for web users to withdraw their explicit consent to the collection and use of such data for OBA.

D7.3 Data security
Appropriate physical, electronic, and administrative safeguards to protect the data collected and used for OBA purposes should be maintained at all times.

Data that is collected and used for OBA should only be retained for as long as necessary for the business purpose stated in the explicit consent.

D7.4– Children
Segments specifically designed to target children 12 and younger for OBA purposes should not be created.

D7.5 Sensitive data segmentation
Those seeking to create or use such OBA segments relying on use of sensitive data as defined under applicable law should obtain a web user’s explicit consent, prior to engaging in OBA using that information.

Anyone taking part in the planning, creation or execution of digital marketing communications including OBA, has a degree of responsibility, as defined in article 23 of the General Provisions, for ensuring the observance of the Code towards those affected, or likely to be affected.

The rapidly changing and developing nature of digital interactive media makes more detailed guidance impracticable and inappropriate. However, whatever the nature of the activity, responsibility is shared by all the parties concerned, commensurate with their respective role in the process and within the limits of their respective functions.