Privacy Watchdog Finds T-Mobile in Substantial Compliance with Advertising Privacy Best Practices

703.247.9330 / press@bbbnp.org

McLean, VA – May 2, 2022 – BBB National Programs’ data privacy watchdog, the Digital Advertising Accountability Program (DAAP), worked with T-Mobile USA, Inc. to bring it into compliance with the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles. 

DAAP monitors the digital marketplace for compliance with digital advertising best practices. As part of its ongoing monitoring activity, DAAP conducted a review of T-Mobile’s Privacy Notice, as published on its website. 

In response to publicity regarding T-Mobile’s announced changes to its Privacy Notice, DAAP found the following text prominently displayed on T-Mobile’s website: 

• Starting April 26, 2021, T-Mobile will begin using some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services, for our own and third party advertising, unless you tell us not to.

In addition, T-Mobile’s Privacy Notice stated:

• We keep this privacy notice up to date. When we make changes, we will let you know by updating the date at the top of the page. If we’re making a big change (one that is considered material), we’ll also reach out to you (e.g., by text or email or with your bill). If you keep using our products and services after we notify you of a big change, we’ll take that to mean you’re fine with it. 

DAAP’s investigation concerned whether, in announcing and implementing these material changes to its Privacy Notice and data collection and use practices, T-Mobile was complying with the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. This examination required consideration of T-Mobile’s obligations depending on what role it was playing, i.e., whether it was a service provider, a first party, or a third party, as described in the DAA Principles. 

Regarding the material change to its interest-based advertising practices, DAAP concluded that because T-Mobile did not apply the material change retroactively to prior-collected data, it did not need to obtain consent to the change. However, DAAP recommended, and T-Mobile agreed, that T-Mobile change the wording of its privacy policy to make it clear that it was not using prior-collected data for IBA and that if it decided to do so in the future, it would first obtain consumers’ consent.

DAAP also concluded that T-Mobile is not a service provider (i.e., an entity that collects data from all or substantially all URLs traversed by its customers’ web browsers) in the context of this newly-announced service, because it does not engage in such data collection. But because T-Mobile’s Privacy Notice stated that it does engage in such data collection, DAAP recommended, and the company agreed, that the inaccurate reference to web browsing activity be removed from the Privacy Notice.

Next, DAAP considered T-Mobile as a first party that has control over some apps with which the consumer interacts and from which data is used for IBA, but concluded that because T-Mobile has not authorized third parties to collect data directly from such apps, it is not obligated to provide notice to consumers about this use in its role as a first party.

Finally, T-Mobile indicated that it collects and uses cross-app data as a third party, subjecting it to the pertinent requirements of the DAA’s Mobile Guidance. Specifically, T-Mobile would be required to provide clear, meaningful, and prominent notice of the types and uses of data collected. DAAP concluded that T-Mobile’s notices were not sufficiently clear in delineating the types of data collected and the different uses of the data. In response, T-Mobile increased the clarity of its disclosures by expanding and better stratifying its IBA disclosures, helping consumers better understand what data it collects and for which purposes certain data types are used. 

All BBB National Programs case decision summaries can be found in the case decision library. For the full text of DAAP decisions, visit the DAAP Decisions and Guidance webpage.