BBB National Programs’ Privacy Watchdog Ensures Shein Adheres to Digital Advertising Privacy Best Practices

McLean, VA – April 11, 2024 - BBB National Programs’ Digital Advertising Accountability Program (DAAP) worked with global fast fashion retailer, Shein (SHEIN US Services, LLC), to bring its website Shein.com and its mobile apps into compliance with the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles for online interest-based advertising (IBA). 

DAAP’s investigation, prompted by a consumer complaint, uncovered noncompliance with the DAA Principles’ Transparency Principle for first-party publishers, which requires clear, meaningful, and prominent notice to consumers about third-party collection of users’ browsing behavior for IBA purposes.

Identified issues included: 

• The footer link “Privacy & Cookies Policy” directed users to the top of Shein’s general privacy policy instead of to specific IBA disclosures, highlighting the need for a distinct link in compliance with the DAA Transparency Principle and a third-party IBA opt-out mechanism.
• Descriptions of third-party IBA data collection were found scattered in the ”Cookies policy” section of the privacy policy, and there was no statement regarding adherence to the DAA Principles.
• Third-party data collection for IBA in mobile applications lacked enhanced notice and adequate IBA opt-out links.

In response to DAAP’s inquiry letter, Shein conducted a comprehensive review of its compliance with the DAA Principles to identify areas that needed strengthening and consulted with DAAP to address them. 

Enhanced Notice of Data Collection for IBA  

To meet its enhanced notice obligations under the DAA Principles, Shein:

• Added an "Ad Choices" link in the website footer that redirects users to a privacy policy section revised to be called “Cookies, Interest-Based Advertising, Ad Choices” that includes:
  • A detailed description of third-party IBA practices.
  • A link and explanation of tools available for users to opt out of IBA.
  • A statement of commitment to the DAA Principles.
• Added an “Ad Choices” link to all mobile web pages.

Compliance with Cross-App Data Collection Requirements 

Shein’s authorization of third-party collection of unique identifiers for IBA in its mobile app triggered compliance responsibilities under the first-party cross-app provisions of the Mobile Guidance. To resolve these issues, Shein:

• Added a message at the top of its privacy policy with a hyperlink directing users to the “Cookies, Interest-Based Advertising, Ad Choices” section.
• Added an “Ad Choices” link within the application settings page, linking users straight to the relevant privacy policy section.

In its statement, Shein stated: At SHEIN, data security, privacy, and transparency are top priorities, and we are committed to providing a great shopping experience for our customers as well as safeguarding their information. We are grateful for the opportunity to participate in DAA’s Accountability Program and appreciate their recognition that we are compliant with the DAA Principles.

All BBB National Programs case decision summaries can be found in the case decision library. For the full text of DAAP decisions, visit the DAAP Decisions and Guidance webpage.