Enforcement of the Digital Advertising Alliance
"Application of the Principles of Transparency and Control to
Data Used Across Devices" (DAA Cross-Device Principles)
officially began on February 1, just a week after the FTC issued a
staff report discussing the application of the FTC Online
Behavioral Advertising Principles in the context of "Cross
Device Tracking" and suggesting that the DAA Cross-Device
Principles, while commendable, could be stronger.
The DAA Cross-Device Principles are an extension of existing
Self-Regulatory Principles for Online Behavioral Advertising, which
require entities collecting data from particular devices over time
and across non-affiliate web sites to take certain steps to provide
consumers with notice, transparency and control with respect to
such practices. The DAA Cross-Device Principles include
requirements for providing such transparency and control when data
collected from different devices is linked to track user behavior
across such devices. Specifically, an entity collecting such
data must include cross-device collection practices in its website
notice regarding data collection and choice. Additionally, when a
consumer opts out of data collection and use on a specific device,
data collected from that device can't be used for purposes on
that device or any other device, and data collected from other
devices can't be used for purposes on the opted-out device.
The DAA Self-Regulatory Principles for Online Behavioral
Advertising, issued in July 2009, were created to correspond with
the FTC Staff Report on Self-Regulatory Principles for Online
Behavioral Advertising issued in February of that year. In 2015,
the FTC held a Cross-Device Tracking Workshop, which prompted the
DAA to issue the Cross-Device Principles, enforceable February 1,
2017. The FTC's staff report issued last week acknowledged and
commended the DAA's efforts (and efforts from the Network
Advertising Initiative issuing guidance regarding use of non-cookie
technologies, which is not yet enforced), but made additional
recommendations to encourage publishers, cross-device tracking
companies, self-regulatory organizations and even device
manufacturers to further address issues arising from cross-device
tracking. The FTC staff report recommendations include the
following for companies engaged in cross-device tracking:
All companies engaged in cross-device tracking should
truthfully disclose their tracking activities.
Cross-device tracking companies should provide truthful
disclosures to both consumers and the first-party companies on
whose websites and apps the cross-device tracking occurs, including
the types of information they collect and use.
Developers and manufacturers of devices that track consumers
should explain to consumers what information is collected from the
device, the entities that are collecting information, and how they
use and share the information collected.
Consumer-facing companies that provide raw or hashed email
addresses or usernames to cross-device tracking companies should
refrain from referring to the data as anonymous or aggregate and
should be careful about making blanket statements to consumers
stating that they do not share "personal information"
with third parties.
Companies should offer consumers choices about how their
cross-device activity is tracked and should respect those
Any material limitations on how opt-out tools apply or are
implemented with respect to cross-device tracking must be clearly
and conspicuously disclosed.
If an opt-out tool is limited to only certain types of tracking
technologies, the company must clearly and conspicuously disclose
the limits of the opt-out.
Companies should continue to reassess technical limitations and
simplify consumer choices wherever possible.
Sensitive Data—companies should refrain
from engaging in cross-device tracking on sensitive topics (e.g.,
health, financial and children's information), and from
collecting and sharing precise geolocation information, without
consumer affirmative express consent.
Security—Companies should keep only the
data necessary for their business purposes and properly secure the
data they do collect and maintain.
Since the FTC staff reports appears to be encouraging a level of
consumer protection beyond that provided by the DAA and NAI,
Companies should re-evaluate their cross-device tracking procedures
in light of both the industry codes and FTC recommendations.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The annual seminar addressing changes and developments in state and federal wage and hour laws is a unique one-day program and hundreds of California employers, personnel managers, controllers, attorneys, payroll managers, and supervisors attend each year.
This year registrants will receive a free copy of the New 2017 Edition of the WAGE AND HOUR MANUAL FOR CALIFORNIA EMPLOYERS by Attorney Simmons (over 980 pages). The book is the only one of its kind and is widely recognized as the leading text in its field.
The seminar is designed to provide a guide to Human Resource Officials, Personnel Specialists, Consultants, Supervisors and other management officials through the ever-increasing maze of state and federal employment discrimination laws. Registrants will receive a free copy of the New 2017 Edition of Simmons' EMPLOYMENT DISCRIMINATION AND EEO PRACTICE MANUAL FOR CALIFORNIA EMPLOYERS (over 810 pages).
The California Department of Fair Employment and Housing and the FEHC have both recognized the value of this manual and obtained copies for investigators, consultants and supervisors throughout California. The program will also examine other personnel relations laws and issues of significance to California employers including disability discrimination, pregnancy discrimination, "wrongful discharge," and "unfair termination."
Please join Sheppard Mullin for our monthly Emerging Company Webinar educating entrepreneurs and emerging companies on the key legal issues they face during the growth of their companies. These complimentary 1-hour webinars are held once a month via WebEx and include both an audio and PowerPoint component.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced the first ever settlement related to a Covered Entity's untimely breach notification in violation of HIPAA.
Shortly before the New Year, the United States Attorney for the Southern District of New York unsealed an indictment against three Chinese hackers who allegedly stole information from two prominent U.S. law firms.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).