This post was written by Joshua B. Marker.
The Digital Advertising Alliance (“DAA”), a self-regulatory group that represents marketing and media organizations, released new guidance this week for advertisers in the mobile space. Entitled “Application of Self-Regulatory Principles to the Mobile Environment,” the guidance builds on well-known principles such as notice (or transparency) and choice (or control), and tailors them to the unique challenges that face the mobile environment.
The DAA guidance establishes principles for the collection, use and transfer of three distinct types of mobile data: Cross-App Data, which is defined as data that is collected over time and across applications from a specific device; Precise Location Data; and Personal Directory Data, which includes address books, photos/videos, calendars, and phone or text logs. Further, the guidance breaks down the responsibilities of both First Parties, such as the application owners, and Third Parties, which include ad networks, and analytics companies.
While the DAA provides various methods for compliance with these new rules, and the guidance bears close examination for anyone applying it, certain principles are consistent throughout. Covered parties should provide notice to the consumer of their data collection practices in a “clear, meaningful, and prominent” manner. Further, consumers should have the ability to consent to, and exercise choice with respect to, collection of their own data. Finally, the DAA guidance notes some exceptions to the general notice and choice principles, primarily when data is collected for systems management (authentication, compliance, security, etc.), or product development purposes.
Even though implementation is not immediate, many interesting issues are raised for companies in the mobile advertising space. Parties may have to engage the consumer directly if consent for Cross-App Data is to apply to a device in its entirety, rather than a specific app, and parties may want to re-examine their contractual relationships to understand who is responsible for obtaining and verifying consent for the collection of specific types of data.
WHY IT MATTERS. It is clear that any company in the mobile advertising environment needs to have a complete picture of its data collection, use, and sharing practices, and have a full understanding of the other parties with whom it does business in that environment, and those parties’ data collection practices. The DAA guidance should also be reviewed by advertisers to guide the vendor selection and oversight process.