On the heels of recent developments affecting how mobile applications (Apps) collect, use and share consumers’ personally identifiable information (PII), the Digital Advertising Alliance (DAA) has released new guidance for the industry. The self-regulatory principles found within the DAA’s guidance apply consistently across marketing channels and extend to App developers and owners, ad networks, App platform providers and providers of devices and related third party services.
DAA and Mobile Apps Generally
The DAA is a nonprofit organization comprised of some of the largest media and marketing trade associations in the U.S. The goal of the organization is to advance Interest-based advertising by devising industry-wide regulations that must be adhered to in order to maintain good standing within the organization. Most of the DAA’s regulatory efforts are meant to provide consumers with choice and control over how and whether they wish to share their information.
While all of the DAA’s guiding regulations are meant to be self-imposed by companies, any serious or continuous form of non-compliance will subject the offender to the Online Interest-Based Advertising Accountability Program (Accountability Program), operated by the Council of Better Business Bureaus. Through the Accountability Program, the Better Business Bureau has the authority to institute inquiries into cases of non-compliance, publish cases of non-participation or uncorrected non-compliance and refer such cases to the appropriate government agency for potential liability.
DAA’s Guidance on the Collection of PII and Locational Data through Apps
The DAA’s guidance addresses several types of consumer information, but two forms of information deserve special attention due to their prevalence in the industry: locational data and PII. Locational data, as used in the guidance, constitutes any information that can be used to determine the physical location of the consumer, whether it be by using cell phone towers or GPS technology. PII, as used in the guidance, refers to any information that could be used to identify a particular consumer, including name, address, telephone number and email address.
Applicability of App Guidance to Third Party Advertisers
According to the DAA’s guidance, third parties that use consumers’ PII or locational data collected from others must also inform consumers about their data practices through clear, meaningful and prominent notices. Such disclosure must be made on the third parties’ websites and, if applicable, within the associated Apps’ privacy policies. Third parties may adequately accomplish such notice by obtaining and displaying the DAA’s Advertising Option Icon on their websites, which consumers should be able to access via links within the Apps and the associated privacy policies. In addition, third parties are encouraged to register on the DAA’s Consumer Opt-Out Page, where consumers may opt-out of receiving online behavioral advertising from some or all participating companies.
If a third party does not provide the requisite notice to consumers or obtain their express consent to use their PII or locational data, the App developer/owner must take all reasonable steps to protect such data from being shared with the third party and obtain satisfactory written assurance that the third party will not attempt to reconstruct any such consumer data.