Last week the Digital Advertising Alliance released a much-anticipated guidance regarding how its self-regulatory principles apply in the mobile environment. The guidance clarifies what companies should do if they (1) are engaging in behavioral targeting (cross-app tracking to serve ads) in the app environment, (2) have app-based tracking of geo-location data, (3) have mobile apps that passively gather address book information, or (4) engage in behavioral advertising on mobile websites. The DAA stressed that it isn?t changing its fundamental stand on notice and choice as outlined in its behavioral advertising principles or its multi-site data tracking principles. Instead, the guidance merely gives instructions on how to give notice and choice on mobile devices. For entities that have apps that (1) have behavioral advertising in the app environment, (2) have app-based tracking of geo-location data, or (3) have mobile apps that passively gather address book information, these entities must provide notice to consumers. This notice obligation is very similar to companies? obligations for computer-based behavioral advertising. However what is new is the need to provide notice for some non-OBA tracking, specifically geo-location and address book information. In the online environment, non-OBA tracking obligations fall more heavily on vendors and other third parties, not the companies that run the websites where those third parties? tracking might occur.
TIP: The FTC has indicated for some time that it expects entities to provide notice and choice of many tracking activities in the mobile environment. These guidelines from the DAA give clarity on how to provide notice. Companies should make sure they read and heed these instructions if they are engaging in mobile OBA, geo-location tracking, or passively collecting address book information. While there is still some time to implement choice for OBA in mobile, the guidance does have instructions for choice with respect to geo-location and address book tracking.