Privacy Watchdog Finds T-Mobile in Substantial Compliance with Advertising Privacy Best Practices
703.247.9330 / press@bbbnp.org
McLean, VA – May 2, 2022 – BBB National Programs’ data privacy watchdog, the Digital Advertising Accountability Program (DAAP), worked with T-Mobile USA, Inc. to bring it into compliance with the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles.
DAAP monitors the digital marketplace for compliance with digital advertising best practices. As part of its ongoing monitoring activity, DAAP conducted a review of T-Mobile’s Privacy Notice, as published on its website.
In response to publicity regarding T-Mobile’s announced changes to its Privacy Notice, DAAP found the following text prominently displayed on T-Mobile’s website:
- Starting April 26, 2021, T-Mobile will begin using some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services, for our own and third party advertising, unless you tell us not to.
In addition, T-Mobile’s Privacy Notice stated:
- We keep this privacy notice up to date. When we make changes, we will let you know by updating the date at the top of the page. If we’re making a big change (one that is considered material), we’ll also reach out to you (e.g., by text or email or with your bill). If you keep using our products and services after we notify you of a big change, we’ll take that to mean you’re fine with it.
DAAP’s investigation concerned whether, in announcing and implementing these material changes to its Privacy Notice and data collection and use practices, T-Mobile was complying with the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. This examination required consideration of T-Mobile’s obligations depending on what role it was playing, i.e., whether it was a service provider, a first party, or a third party, as described in the DAA Principles.
Regarding the material change to its interest-based advertising practices, DAAP concluded that because T-Mobile did not apply the material change retroactively to prior-collected data, it did not need to obtain consent to the change. However, DAAP recommended, and T-Mobile agreed, that T-Mobile change the wording of its privacy policy to make it clear that it was not using prior-collected data for IBA and that if it decided to do so in the future, it would first obtain consumers’ consent.
DAAP also concluded that T-Mobile is not a service provider (i.e., an entity that collects data from all or substantially all URLs traversed by its customers’ web browsers) in the context of this newly-announced service, because it does not engage in such data collection. But because T-Mobile’s Privacy Notice stated that it does engage in such data collection, DAAP recommended, and the company agreed, that the inaccurate reference to web browsing activity be removed from the Privacy Notice.
Next, DAAP considered T-Mobile as a first party that has control over some apps with which the consumer interacts and from which data is used for IBA, but concluded that because T-Mobile has not authorized third parties to collect data directly from such apps, it is not obligated to provide notice to consumers about this use in its role as a first party.
Finally, T-Mobile indicated that it collects and uses cross-app data as a third party, subjecting it to the pertinent requirements of the DAA’s Mobile Guidance. Specifically, T-Mobile would be required to provide clear, meaningful, and prominent notice of the types and uses of data collected. DAAP concluded that T-Mobile’s notices were not sufficiently clear in delineating the types of data collected and the different uses of the data. In response, T-Mobile increased the clarity of its disclosures by expanding and better stratifying its IBA disclosures, helping consumers better understand what data it collects and for which purposes certain data types are used.
All BBB National Programs case decision summaries can be found in the case decision library. For the full text of DAAP decisions, visit the DAAP Decisions and Guidance webpage.
Subscribe to the Ad Law Insights or Privacy Initiatives newsletters for an exclusive monthly analysis and insider perspectives on the latest trends and case decisions in advertising law and data privacy.
Latest Decisions
Direct Selling Self-Regulatory Council Recommends Valentus Discontinue Earnings and Product Performance Claims
McLean, VA – December 23, 2024 – The Direct Selling Self-Regulatory Council (DSSRC) recommended Valentus, a direct selling company that sells nutritional and lifestyle products, discontinue earnings and health-related product performance claims made on social media and on the Valentus website.
Direct Selling Self-Regulatory Council Refers Olive Tree Earnings Claims to the FTC and California AG for Possible Enforcement Action
McLean, VA – December 20, 2024 – The Direct Selling Self-Regulatory Council (DSSRC) referred Olive Tree to the Federal Trade Commission (FTC) and California Attorney General's Office for possible enforcement action after Olive Tree failed to respond to a DSSRC inquiry into earnings claims.
Children’s Advertising Review Unit Recommends JustPlay Discontinue or Modify Daisy the Yoga Goat Claims
New York, NY – December 19, 2024 - The Children’s Advertising Review Unit (CARU) launched an investigation into advertising for Just Play’s furReal Daisy the Yoga Goat seeking to determine if the toy’s product packaging and commercial advertisements comply with CARU’s Self-Regulatory Guidelines for Children’s Advertising.
In National Advertising Division Fast-Track SWIFT Challenge, Oral Essentials Voluntarily Modifies “Made in USA” Claims
New York, NY – December 19, 2024 – In a National Advertising Division challenge, Oral Essentials agreed to permanently modify its claim that certain Oral Essentials oral healthcare products are “Made in USA.”