Joanne Furtsch
Director of Product Policy | TRUSTe
@privacygeek
This week the Digital Advertising Alliance (DAA) has announced the release of its highly anticipated guidelines around how the self-regulatory principles apply to the mobile environment. The Application of Self-Regulatory Principles to the Mobile Environment (“mobile principles”) provides guidance on how previously issued Self-Regulatory Principles for Online Behavioral Advertising (OBA) and Self-Regulatory Principles for Multi-Site Data apply to mobile focusing on:
- Cross-app data collection
- Use of precise geo-location data sufficient to physically locate a specific device
- Personal directory data such as address book and calendar that is created by the consumer, and stored on and accessed through a specific device
The previously issued principles for desktop also apply to the mobile web environment as they do desktop web. The DAA recognizes some technical features are unique to mobile web and may provide guidance around implementation of the principles specific to mobile web.
The mobile principles outline requirements for both first and third parties around when notice, enhanced notice, access to consumer controls, and prior consent is required. Enhanced notice and prior consent are required if:
- Cross app data is collected from all, or substantially all, applications on a specific device
- Precise geo-location data is collected and used by third parties or transferred to third parties. The consumer must be able to withdraw consent and be directed to device or platform settings to do so.
Personal directory data should not be accessed, and obtained and used without authorization. First parties should not authorize third parties to access, and obtain and use personal directory data without authorization.
There are limited purposes where data may be collected for specific purposes, such as operations and systems management, without notice and choice. These limited purposes follow the previously issued principles along with requirements around security and sensitive data. There are also restrictions under which data may be collected, used or transferred to determine employment, credit, health care treatment or insurance eligibility.
The mobile principles fall under the scope of the DAA’s accountability program, which is responsible for enforcement of the principles.
TRUSTe has been anticipating the release of the mobile principles and, most important, already has a proven mobile solution live in the market today, which is designed for ad networks, publishers and other data collectors within the mobile ecosystem. We evolved our desktop solution, TRUSTed Ads, to address the unique needs of the mobile ecosystem. With TRUSTed Mobile Ads, we were the first to bring to market (June 2012) a privacy solution for behaviorally targeted advertising for companies within the mobile advertising ecosystem. A fully scalable solution with an expert Ad Ops team, TRUSTed Mobile Ads serves billions of AdChoices icons for some of the largest brands in the mobile industry. Companies that have launched TRUSTed Mobile Ads include: 4INFO, EA, Drawbridge, Forbes, Human Demand, Jiwire, Millennial Media, Nexage, Pubmatic, Sense Networks, Tapad, WebMD and xAd.
