ADVERTISING, MARKETING & PROMOTIONS
>> ALERT DIGITAL ADVERTISING ALLIANCE OFFERS NEW PRIVACY GUIDANCE FOR MOBILE ENVIRONMENT The core provisions of the Digital Advertising Alliance (DAA) new guidance are not yet in effect and will not be enforced while the mobile industry works on implementation issues, but the “implementation phase” has begun. BACKGROUND The DAA has issued new guidance explaining how its Self-Regulatory Principles for Online Behavioral Advertising (OBA Principles) and Multi-Site Data (MSD Principles) (together, the Self-Regulatory Principles) apply to certain types of data in the mobile environment. The DAA said that the new guidance clarifies that its previously-issued Self-Regulatory Principles apply to the mobile environment as well. The themes from the OBA Principles of transparency, consumer control, sensitive data, data security and accountability are all part of the new guidance. The DAA also made it clear, however, that the release of the new guidance began an “implementation phase” and that, during this phase, the guidance will not be in effect or enforced by the DAA accountability mechanisms with respect to three newly-defined classes of critical mobile data: Cross-App Data, Precise Location Data, and Personal Directory Data. (These data categories are discussed further below.) After the DAA has announced to covered companies that this new
THE BOTTOM LINE For all practical purposes, the portions of the DAA guidance that break new ground are not yet in effect and will not be enforced while the mobile industry works on implementation issues, but the “implementation phase” has now begun. However, this new guidance is going to be with the industry for the foreseeable future and covered entities should begin the process of considering: which of their activities in the mobile environment are within the scope of the guidance, and the extent to which they will likely need to change their practices to comply. guidance is effective and enforceable, any entity engaged in the collection and use of Cross-App Data, Precise Location Data, or Personal Directory Data will be subject to the DAA accountability mechanisms (managed by the Council of Better Business Bureaus and the Direct Marketing Association) for engaging in practices that do not adhere to the SelfRegulatory Principles as discussed in the new guidance.
might not be feasible to provide notice of multi-site data collection on the specific webpage where this data was collected even if there was an arrangement with a “first party” for the provision of that notice. In these cases, the DAA said, it would be “acceptable” for notice to be provided where the notice was “clear, meaningful, and prominent.”
Significantly, the DAA acknowledged that it might not be feasible to comply with the Self-Regulatory Principles on all devices in the same manner as in a desktop computer environment.
The guidance explains how the existing Self-Regulatory Principles that are applicable to companies engaged in online behavioral advertising, including advertisers, agencies, media, and technology companies, apply to certain types of data in the mobile environment. The DAA said that it
As an example, the DAA recognized that on devices with small screens it
>> continues on next page
Attorney Advertising 1313
ADVERTISING, MARKETING & PROMOTIONS >> ALERT intends for the Self-Regulatory Principles to apply consistently across these channels, and it stated that the existing Self-Regulatory Principles and definitions remain in full force and effect, including the purpose limitations set forth in the MSD Principles. In particular, the new guidance explains when to provide enhanced notice about data collected on a particular device over time and across different applications, as well as notice for the collection of Precise Location or Personal Directory Data. It also applies the principle of consume