As the federal government makes overtures toward regulating what marketers can and cannot do with consumers’ digital data, trade organizations have responded by initiating their own policies for self-regulation. The maturation of the mobile computing environment has complicated this picture, which is why today the Digital Advertising Alliance (DAA) codified principles for data collection measures and notifications on mobile devices.
Most of the DAA’s principles were ported over from guidelines it had previously published, focusing on the collection of data in a desktop computing environment. However, smartphones and tablets offer some unique data sets, which prompted the DAA to extend its regulatory oversight. These include data related to information that pinpoints a device’s physical location and data from consumers’ personal directories—defined by the DAA as calendars, address books, phone or text logs, and photo or video data created and/or accessed on a mobile device. In addition, the Network Advertising Initiative (NAI), one of the seven trade organizations that constitute the DAA and whose members are ad networks and ad exchanges, released a Mobile Application Code designed to complement the DAA’s self-regulatory program.
Lou Mastria, managing director at the DAA, calls these guidelines “the largest choice tool that’s ever been available either online or in the mobile environment. It educates consumers on what’s going on with data, gives them a sense of how data is powering their experience, how it’s being used, and whether it’s being used responsibly.”
The new mobile-focused guidelines state that companies must “give clear, meaningful, and prominent notice” when transferring so-called “Precise Location Data” to a third party (such as a marketing affiliate or services provider). Companies also need to provide a clear means for consumers to withdraw their consent that allows this transfer.
Additionally, the DAA regulations forbid companies from intentionally accessing a mobile device without permission and retrieving or using any Personal Directory Data.
These stipulations reflect the crux of the DAA’s data regulations across all digital environments: namely, when data is collected across different applications over a period of time—whether in a mobile or desktop environment—consumers must have “clear, meaningful, and prominent notice” that this is happening and be provided with a simple mechanism to opt out.
However, the best practices that define “clear, meaningful, and prominent notice” aren’t always clear, especially in a mobile environment where screen sizes are smaller. Stu Ingis, general counsel of the DAA, points to the Advertising Option Icon, which the organization introduced in 2010, as a method for giving notice (users click on the triangular icon that appears next to an ad and receive relevant information about why they’re being marketed to). Mastria points out that the icon is served at a rate of one trillion times per month.
The release and enforcement of these new regulations will occur in stages. The first stage, beginning today, is informative and notifies companies that they must take action to be in compliance. After a period of time—Mastria was reluctant to commit to a specific time frame, though he estimated roughly 12 months—the DAA will put out additional guidance and enforcement will begin via organizations like the Direct Marketing Association (DMA) and the Better Business Bureau (BBB).
“One of the hallmarks of the DAA program is it’s ecosystem wide,” Mastria says. “It doesn’t just apply to DAA participants. It applies to everybody who’s collecting cross-app data.”
Non-complying businesses will be investigated by the organizations tasked with enforcement. “Your company could wind up in a press release and there’s bad press,” Mastria says. “There’s also the possibility if you don’t come into compliance, we’ll refer you to the FTC.” The FTC’s suggested guidelines around data governance typically serve as the groundwork for the regulations established by marketing trade organizations.
Mastria points to a less punitive reason why businesses want to comply with the DAA’s guidelines: “Consumers want to do business with reputable companies,” he says. “More than you would think, companies call up and want to be compliant with the DAA principles because their partners want them to do it.”