The Digital Advertising Alliance (DAA) recently issued guidance explaining how its Self-Regulatory Principles for Online Behavioral Advertising and Multi-Site Data apply to certain types of data in the mobile space. The DAA’s Self-Regulatory Principles are a direct response to the Federal Trade Commission’s (FTC) call for advertising industry self-regulation in the digital space.
The DAA clarified that its Self-Regulatory Principles are applicable to three newly-defined classes of mobile data: (1) data collected from a particular device regarding app usage over time on non-affiliated apps (Cross-App Data), (2) data about the physical location of the individual or device (Precise Location Data), and (3) calendar, address book, phone/text log or photo/video data created by a consumer and stored on a device (Personal Directory Data). In addition, the DAA reaffirmed the applicability of the Self-Regulatory Principles to the collection of data over multiple sites (Multi-Site Data). Significantly, the DAA acknowledged that it may not be feasible to comply with the Self-Regulatory Principles on mobile devices in the same manner as on desktops. For example, devices with small screens might make it difficult to provide notice of Multi-Site Data collection on the same webpage where this data was collected. In such instances, the DAA stated that notice would be acceptable as long as it is “clear, meaningful, and prominent.”
Data collection for operations and systems management, market research, product development and reporting for ad delivery purposes are all exempt from the Self-Regulatory Principles’ notice requirements. In addition, de-identified data that does not associate or connect an individual with a particular device is carved out from certain compliance obligations. Note, however, that none of these categories of data may be used to determine eligibility for employment, credit, healthcare treatment or insurance.
Notably, the DAA made clear that the new guidance is in an “implementation phase” and that, during this phase, the guidance will not be in effect or enforced by the DAA. However, once the DAA announces that this new guidance is effective, it will begin to enforce any non-compliance through its accountability mechanisms.
The Way I See It
- I see that this is another example of regulatory bodies finally catching up with the technologies that have come to dominate consumers’ daily contacts with marketers.
Continue Reading DAA’s New Privacy Guidance for the Mobile Environment