mobile privacy

Digital ads group promotes a mobile consumer privacy policy

The Digital Advertising Alliance (DAA), a coalition of leading advertising trade groups and companies from a variety of industries that has been advancing a self-regulatory approach to online privacy, is rolling out a set of principles to cover the mobile Web.

Formed in 2010, the DAA has pushed the Advertising Option icon to sites across the Web. That icon, which today garners some 1 trillion impressions a month, invites consumers to click to learn about the various companies involved in serving the ad, what information is being collected and how they can limit it.

Protecting mobile users

Now, with smartphones becoming the device of choice for many users to access the Web, the group is planning to bring a similar set of guidelines to the mobile world.

"What we're hoping to do is basically bring that kind of transparency, that kind of control, over to the mobile Web and the mobile app environment," Lou Mastria, managing director of the DAA, said in an interview with CIO.com.

The rollout of the group's proposal comes amid continued scrutiny into the practices of online advertisers, ad-tech companies, nd data brokers, with some members of Congress advocating for legislation to codify a set of privacy protections. Federal officials at both the Department of Commerce and the Federal Trade Commission have also been probing industry practices with an eye toward regulation.

The DAA has been an active voice in those discussions, serving as a consistent advocate for strong but self-regulatory guidelines. To critics skeptical that the industry can effectively regulate itself, the group points to its enforcement mechanism through which the Better Business Bureau (BBB) and Direct Marketing Association (DMA) hold firms to account with the threat of referring violators to the FTC or other government authorities. To date, the BBB and DMA have taken public action on 19 companies for violating the DAA's rules, each of which resulted in the firms coming into compliance, according to Mastria.

"Our enforcement authority's pretty muscular," he says.

Privacy notices, data security

Now, the group is setting its sights on the mobile Web, with plans to draft rules governing privacy notice and controls for data that is shared across multiple applications, location-based information and the photos, text logs and other content that users create—what the DAA calls personal-directory data.

The new guidelines will largely be an extension of the framework the DAA developed for the desktop, including transplanting the ad options icon to the small screen and making privacy disclosures more accessible to users.

"What we would expect to see in the next little while is the icon would be used in signaling to consumers when data is being collected in these various ways," Mastria says. "One of the big things that we do is we take privacy disclosure notices around cross-app data and we take them out of the privacy policy and put them in a highly visible area, highly visible real estate."

Today's release is just the beginning of the process. With the rollout of the principles, the DAA "is really putting everyone on notice" that new rules will be forthcoming, Mastria says. Then, between six months to a year from now, the DAA plans to publish its implementation guidelines and the rules will become enforceable. In the meantime, the trade associations that comprise the DAA will conduct what Mastria says will be a vigorous campaign of outreach and education to help their member companies prepare for the mobile privacy framework. The DAA is also planning to develop an app to help consumers manage their privacy preferences across the mobile Web.

Ahead of those more technical guidelines, Mastria says he is unable to comment on the specific mechanisms of the mobile privacy framework, but notes that its intention is effectively to give consumers the ability to shut off data sharing across multiple applications, and keep their location and personal directory data private.

The DAA says that it plans eventually to consolidate the past guidance it has offered for online behavioral advertising and data collection across multiple sites with the mobile framework for a single set of principles.

Subscribe to the Security Watch Newsletter

Comments