Home Home About Us Practice Areas Our Attorneys Press & Publications Events Diversity Pro-Bono Careers
FOLLOW US:

Digital Media, Technology & Privacy Alert >> New DAA Guidance Emphasizes Applicability of Transparency and Control to Cross-Device Advertising Practices

November 30, 2015

The Digital Advertising Alliance (DAA) has released initial guidance explaining how its Self-Regulatory Principles for Online Behavioral Advertising apply to the cross-device environment.

Background
The digital space continues to change at a rapid pace, with consumers multi-tasking on desktops, laptops, tablets, and mobile phones in their digital activities. A recent consumer survey found that 79 percent of people aged 18-64 are on three or more devices every day. The proliferation of devices and their corresponding technologies has created new challenges for marketers. Cross-device tracking, in this context, refers to the process of identifying users across multiple devices (such as a smartphone, tablet or laptop) and generating linkage between these devices in order to deliver targeted advertising or personalized services. Therefore, engaging in certain online activities on a user’s laptop could result in relevant ads being delivered to their smartphone.

Over the years, the DAA has set forth guidance for data collected on a specific device as well as guidance for the use of multi-site data. The question then is how do the DAA’s existing Self-Regulatory Principles apply where multi-site data or cross-app data are collected from and linked between more than one browser or device for use on multiple computers or devices?

The new DAA cross-device guidance, titled "Application of the DAA Principles of Transparency and Control to Data Used Across Devices," helps provide an answer. It explains that the transparency and choice obligations in the DAA’s existing Self-Regulatory Principles apply to cross-device data practices.

Transparency
The new DAA guidance suggests steps that advertisers should take to enhance transparency.

In particular, it explains that entities collecting multi-site data and cross-app data from a particular browser or device for use on a different computer or device should add to their website notice explaining their data collection and use practices "the fact that data collected from a particular browser or device may be used with another computer or device that is linked to the browser or device on which such data was collected" or that it may be transferred to a non-affiliate for those purposes.

In addition, the new DAA guidance recommends including an explanation that exercising choice through the consumer choice mechanism limits collection of data and use in a manner consistent with the original DAA principles.

The DAA guidance also highlights the use of "clear, meaningful, and prominent" links as a means of disclosing information.

Control
The new DAA guidance also explains that the consumer choice obligations under the existing Self-Regulatory Principles apply to:

  • The collection of multi-site data on the browser, or cross-app data on the device, on which choice is being exercised, for use on another computer or device that is linked with the browser or device on which the choice is being exercised;
  • The use of multi-site data or cross-app data on the browser or device on which choice is being exercised when that data was collected on another computer or device that is linked with the browser or device on which choice is being exercised; and
  • The transfer to a non-affiliate of multi-site data and/or cross-app data collected from the browser or device on which choice is being exercised.

Therefore, once a user opts-out of the collection and use of data for behavioral advertising purposes on one device, data collected from that device may not be used for behavioral advertising purposes on other devices that might be linked to the initial device on which the opt-out was exercised. The guidance specifically clarifies that this level of control does not address choice with respect to an entire device graph. As a result, users may need to exercise an opt-out on multiple devices to completely eliminate all retargeting from an individual provider.

Bottom Line

The DAA’s new guidance is the first self-regulatory foray into the cross-device tracking practices. Issued on the same day as a Federal Trade Commission workshop on “Cross-Device Tracking,” the industry is again hoping that staying ahead of the curve and establishing best practices to address the privacy concerns of regulators and consumers will keep lawmakers at bay.