Like Data for Chocolate: Takeaways from a recent mobile video ads case

May 20, 2020, 09:00 AM by BBB National Programs

These industry standards make it apparent that if you have a website or app and allow collection of IBA data, you need to tell your users. Providing proper notice first means clearly describing your IBA in a privacy disclosure, along with a statement that you adhere to the DAA Principles to let users know that you follow IBA best practices. Your disclosure should also give instructions to users describing how to opt out of IBA. In the desktop context, this means linking to the DAA’s WebChoices page or similar opt-out mechanisms. In the mobile world, this often means pointing users to the AppChoices app for operating systems like Android or iOS.

In addition, proper notice means adding an enhanced notice link on every page of your own website to direct your users to your IBA disclosure. We call it “enhanced” because it is a clear, meaningful, and prominent link that takes users to a place where they can learn more about your IBA practices. Footers and sidebars are handy places to put this.

Correspondingly, if you are collecting data for IBA from someone else’s website or app, you should also make sure consumers have notice. You and the site you are collecting from both share the responsibility to make this happen. This is easy to accomplish if you happen to be serving interest-based ads on the site. Just put a signal (such as the AdChoices icon aci) on your ad linking consumers to an IBA disclosure.

If, on the other hand, someone else serves the ad on your behalf, make sure they include an enhanced notice signal! If no ads appear on the site—such as when data is collected for retargeting—you may have to work closely with the website operator to make sure enhanced notice happens anyway.

Finally, if you collect precise location data for IBA, you must also seek the user’s specific opt-in consent for this use of their data. This is in addition to the other notice and opt-out requirements for IBA. Whether you do this through standard platform opt-in dialogs or a custom-built solution, be sure to include enough information so that users know how their data will be used.

Our Chocolate decision involved a mobile video ad exchange and mobile SDK mediation platform. Though the company did not serve ads directly to consumers, under the Principles it had a responsibility to respect opt-out choices and pass them to its partners and to make sure its partners include proper notice on any interest-based ads that they serve on its behalf. The company worked with us to make these changes by modifying its technical controls and contractual language with its partners. We appreciate the support of companies like this for industry self-regulation.

Getting IBA privacy practices right can sometimes seem complex. But if you focus on the first principles of transparency and choice, you will be well on your way to meeting your obligations. Of course, if you have any questions about your obligations under the DAA Principles, please feel free to contact us.

Suggested Articles

Blog

The 2000s Introduced the Internet and Influencers to Ad Law

The 2000s was a decade of change as online advertising exploded and, as a harbinger of things to come, the online environment became fertile ground for innovative ways to both communicate with consumers or, for the unscrupulous, take advantage of unwary consumers. The low barriers to entry allowed disrupters to enter the digital space and forced traditional marketers to compete in this space or be left behind.
Read more
Blog

For Developers: Get to Know the CARU Advertising Guidelines

The CARU Advertising Guidelines are widely recognized industry standards that help ensure advertising directed to children is fair and appropriate for its intended audience across any form of child-directed media. The CARU team outlines some key revisions to the Guidelines to which mobile developers should pay heed.
Read more
Blog

Getting Certified: Cisco Demonstrates Dedication to Customer Success through APEC Privacy Compliance

Cisco is an example of how a global company must navigate a variety of legal privacy regimes, while also being dedicated to leading the way on data privacy to maintain and further enhance a trusted relationship with its customers. To thread this needle, Cisco has chosen to rely on a third-party privacy certification offered by our team at BBB National Programs.
Read more
Blog

Lemon Law 101: Understanding the Law and Your Rights

If your vehicle is under warranty, lemon laws require your vehicle manufacturer to repair your vehicle. The federal lemon law, known as the Magnusson-Moss Warranty Act (“Mag-Moss”), and state lemon laws are in place to protect consumers from getting stuck with “lemons.” It is important to understand the difference between state and federal lemon laws as well as how you and your vehicle are covered under each.
Read more