Enforcement of the Digital Advertising Alliance
"Application of the Principles of Transparency and Control to
Data Used Across Devices" (DAA Cross-Device Principles)
officially began on February 1, just a week after the FTC issued a
staff report discussing the application of the FTC Online
Behavioral Advertising Principles in the context of "Cross
Device Tracking" and suggesting that the DAA Cross-Device
Principles, while commendable, could be stronger.
The DAA Cross-Device Principles are an extension of existing
Self-Regulatory Principles for Online Behavioral Advertising, which
require entities collecting data from particular devices over time
and across non-affiliate web sites to take certain steps to provide
consumers with notice, transparency and control with respect to
such practices. The DAA Cross-Device Principles include
requirements for providing such transparency and control when data
collected from different devices is linked to track user behavior
across such devices. Specifically, an entity collecting such
data must include cross-device collection practices in its website
notice regarding data collection and choice. Additionally, when a
consumer opts out of data collection and use on a specific device,
data collected from that device can't be used for purposes on
that device or any other device, and data collected from other
devices can't be used for purposes on the opted-out device.
The DAA Self-Regulatory Principles for Online Behavioral
Advertising, issued in July 2009, were created to correspond with
the FTC Staff Report on Self-Regulatory Principles for Online
Behavioral Advertising issued in February of that year. In 2015,
the FTC held a Cross-Device Tracking Workshop, which prompted the
DAA to issue the Cross-Device Principles, enforceable February 1,
2017. The FTC's staff report issued last week acknowledged and
commended the DAA's efforts (and efforts from the Network
Advertising Initiative issuing guidance regarding use of non-cookie
technologies, which is not yet enforced), but made additional
recommendations to encourage publishers, cross-device tracking
companies, self-regulatory organizations and even device
manufacturers to further address issues arising from cross-device
tracking. The FTC staff report recommendations include the
following for companies engaged in cross-device tracking:
All companies engaged in cross-device tracking should
truthfully disclose their tracking activities.
Cross-device tracking companies should provide truthful
disclosures to both consumers and the first-party companies on
whose websites and apps the cross-device tracking occurs, including
the types of information they collect and use.
Developers and manufacturers of devices that track consumers
should explain to consumers what information is collected from the
device, the entities that are collecting information, and how they
use and share the information collected.
Consumer-facing companies that provide raw or hashed email
addresses or usernames to cross-device tracking companies should
refrain from referring to the data as anonymous or aggregate and
should be careful about making blanket statements to consumers
stating that they do not share "personal information"
with third parties.
Companies should offer consumers choices about how their
cross-device activity is tracked and should respect those
Any material limitations on how opt-out tools apply or are
implemented with respect to cross-device tracking must be clearly
and conspicuously disclosed.
If an opt-out tool is limited to only certain types of tracking
technologies, the company must clearly and conspicuously disclose
the limits of the opt-out.
Companies should continue to reassess technical limitations and
simplify consumer choices wherever possible.
Sensitive Data—companies should refrain
from engaging in cross-device tracking on sensitive topics (e.g.,
health, financial and children's information), and from
collecting and sharing precise geolocation information, without
consumer affirmative express consent.
Security—Companies should keep only the
data necessary for their business purposes and properly secure the
data they do collect and maintain.
Since the FTC staff reports appears to be encouraging a level of
consumer protection beyond that provided by the DAA and NAI,
Companies should re-evaluate their cross-device tracking procedures
in light of both the industry codes and FTC recommendations.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Please join Sheppard Mullin for an engaging dual panel event focusing on the current state of the augmented and virtual reality industries. While often mentioned interchangeably, AR and VR are marked by their own distinctive characteristics and uses.
Each of our panels will consist of a cross-section of experts and will focus on the business trends and challenges, investment opportunities, and the legal landscape of the separate AR and VR worlds. The panelists will share their diverse insights on the current climate and future of AR and VR, and discuss how their businesses bear on each arena and the various issues they face.
The questions that BYOD policies seek to answer are these: (1) Who owns your device? (2) Who owns the information on your device? (3) What happens if that information (or the device itself) gets lost or stolen?
Orrick Cybersecurity & Data Privacy lawyers Emily Tabatabai and Shea Leitch co-authored an article for the International Association of Privacy Professionals' Privacy Tracker on the continued expansion...
He advises on handling internal data breach investigations; supervising forensic examinations and coordinating with law enforcement in investigations of criminal attacks; and regulatory investigations and enforcement actions by the FTC and HHS/OCR.
Privacy advocates in both the United States and Europe are urging regulators to take a hard look at the privacy ramifications of internet-connected toys, which are often conventional toys augmented by companion mobile applications.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).