Privacy Watchdog Finds T-Mobile in Substantial Compliance with Advertising Privacy Best Practices

For Immediate Release
Contact: Abby Hills, Director of Communications, BBB National Programs

703.247.9330 / press@bbbnp.org

McLean, VA – May 2, 2022 – BBB National Programs’ data privacy watchdog, the Digital Advertising Accountability Program (DAAP), worked with T-Mobile USA, Inc. to bring it into compliance with the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles. 

DAAP monitors the digital marketplace for compliance with digital advertising best practices. As part of its ongoing monitoring activity, DAAP conducted a review of T-Mobile’s Privacy Notice, as published on its website. 

In response to publicity regarding T-Mobile’s announced changes to its Privacy Notice, DAAP found the following text prominently displayed on T-Mobile’s website: 

  • Starting April 26, 2021, T-Mobile will begin using some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services, for our own and third party advertising, unless you tell us not to.

 

In addition, T-Mobile’s Privacy Notice stated:

  • We keep this privacy notice up to date. When we make changes, we will let you know by updating the date at the top of the page. If we’re making a big change (one that is considered material), we’ll also reach out to you (e.g., by text or email or with your bill). If you keep using our products and services after we notify you of a big change, we’ll take that to mean you’re fine with it. 

 

DAAP’s investigation concerned whether, in announcing and implementing these material changes to its Privacy Notice and data collection and use practices, T-Mobile was complying with the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. This examination required consideration of T-Mobile’s obligations depending on what role it was playing, i.e., whether it was a service provider, a first party, or a third party, as described in the DAA Principles. 

Regarding the material change to its interest-based advertising practices, DAAP concluded that because T-Mobile did not apply the material change retroactively to prior-collected data, it did not need to obtain consent to the change. However, DAAP recommended, and T-Mobile agreed, that T-Mobile change the wording of its privacy policy to make it clear that it was not using prior-collected data for IBA and that if it decided to do so in the future, it would first obtain consumers’ consent.

DAAP also concluded that T-Mobile is not a service provider (i.e., an entity that collects data from all or substantially all URLs traversed by its customers’ web browsers) in the context of this newly-announced service, because it does not engage in such data collection. But because T-Mobile’s Privacy Notice stated that it does engage in such data collection, DAAP recommended, and the company agreed, that the inaccurate reference to web browsing activity be removed from the Privacy Notice.

Next, DAAP considered T-Mobile as a first party that has control over some apps with which the consumer interacts and from which data is used for IBA, but concluded that because T-Mobile has not authorized third parties to collect data directly from such apps, it is not obligated to provide notice to consumers about this use in its role as a first party.

Finally, T-Mobile indicated that it collects and uses cross-app data as a third party, subjecting it to the pertinent requirements of the DAA’s Mobile Guidance. Specifically, T-Mobile would be required to provide clear, meaningful, and prominent notice of the types and uses of data collected. DAAP concluded that T-Mobile’s notices were not sufficiently clear in delineating the types of data collected and the different uses of the data. In response, T-Mobile increased the clarity of its disclosures by expanding and better stratifying its IBA disclosures, helping consumers better understand what data it collects and for which purposes certain data types are used. 

All BBB National Programs case decision summaries can be found in the case decision library. For the full text of DAAP decisions, visit the DAAP Decisions and Guidance webpage.

Latest Decisions

Decision

Children’s Advertising Review Unit Finds Outright Games in Violation of COPPA and CARU’s Advertising and Privacy Guidelines; Company Agrees to Corrective Actions

McLean, VA – July 6, 2022 – The Children’s Advertising Review Unit (CARU) has found Outright Games, owner and operator of the Bratz Total Fashion Makeover app, in violation of the Children’s Online Privacy Protection Act (COPPA) and CARU’s Self-Regulatory Guidelines for...

Read the Decision Summary
Decision

National Advertising Division Recommends Dakota Nutrition Discontinue Claims that Dietary Supplements Contain Elderberry

New York, NY – June 29, 2022 – The National Advertising Division (NAD) recommended that Dakota Nutrition, Inc. discontinue challenged express and implied claims that its dietary supplements contain the ingredient elderberry. This recommendation applies to marketing claims for three products: Extra Strength Elderberry...

Read the Decision Summary
Decision

In Two Fast-Track SWIFT Cases, National Advertising Division Recommends Advertiser Claims be Discontinued in One, Modification of Disclosures in Other

New York, NY – June 28, 2022 – The National Advertising Division (NAD) of BBB National Programs closed two Fast-Track SWIFT cases in May 2022. In these cases, AT&T Services, Inc. challenged Charter Communications, Inc.’s (Spectrum) claim that AT&T’s internet service provides...

Read the Decision Summary
Decision

National Advertising Division Finds Challenged DuckDuckGo Privacy Claims Supported; Recommends Clarifications for Use of App

New York, NY – June 23, 2022 – The National Advertising Division (NAD) determined that DuckDuckGo provided a reasonable basis for certain claims related to its Privacy Browser mobile app and Privacy Essentials desktop extension. 

Read the Decision Summary