BBB National Programs Newsroom

Privacy Watchdog Brings Popular Exercise and Healthcare Apps into Compliance with Digital Advertising Best Practices

For Immediate Release 

Contact: Abby Hills, Director of Communications, BBB National Programs 

301.412.7769 / ahills@bbbnp.org  

 

Arlington, VA – July 8, 2020 – BBB National Programs’ privacy watchdog, the Digital Advertising Accountability Program (DAAP), today released two new data privacy cases for popular mobile apps from GoodRx and Rock My World, issuing recommendations and outlining actions taken to date to bring these companies into compliance with the Digital Advertising Alliance’s Self-Regulatory Principles.

As a result of DAAP’s in-house technical monitoring of the mobile app marketplace and the open web, GoodRx, the creator of the eponymous price tracking app that offers free prescription prices and coupons, and Rock My World, the publisher of the music and exercise app Rock My Run, each updated their privacy disclosures to meet interest-based advertising data privacy requirements.  

DAAP identified digital ad companies on the GoodRx website collecting cookie data for possible interest-based advertising purposes. DAAP extended its network traffic analysis of GoodRx to its app and found that mobile device identifiers were collected by third-party ad partners of GoodRx. At this point DAAP reached out to GoodRx, informing the app creator of steps it would need to take to make these practices compliant and fair to website and app users.  

GoodRx swiftly implemented all DAAP’s recommendations to make information about its privacy practices more accessible, including:  

 

  •  Incorporating an up-front “enhanced notice” link on every page where third parties collect cookie data on GoodRx’s website, which leads directly to a description of this activity and a link to industry-developed opt-out tools.  

  • Adding a jump link to the top of its privacy policy that mobile device users can follow to learn more about GoodRx’s advertising practices.  

  • Adding a statement of adherence to the DAA Principles to its privacy disclosures. 

 

DAAP conducts testing of popular mobile apps available on major platforms, sending letters to app publishers where it finds a gap in compliance with best privacy practices. After receiving a DAAP inquiry letter about third parties collecting mobile device identifiers through its app, Rock My World followed DAAP’s recommendations to comply with behavioral advertising data privacy requirements.  

Rock My World updated its privacy policy to add a notice about targeted advertising that includes a privacy opt-out tool and ensured that users receive “enhanced notice” of third-party data collection by adding a jump-link to the top of its privacy policy pointing users to this disclosure. In addition, Rock My World disabled the collection of precise location data from its app to ensure that third parties do not receive this sensitive data.  

Today’s case release represents DAAP’s 119th public action since the program began its self-regulatory mission in 2011. 

 

### 

 

About the Digital Advertising Accountability Program: The Digital Advertising Accountability Program (DAAP), a division of BBB National Programs, was developed by the Digital Advertising Alliance (DAA) to enforce industry self-regulation principles for data privacy in online and mobile advertising, holding companies accountable to the DAA’s Privacy Principles. DAAP provides guidance to companies looking to comply with industry principles and responds to complaints filed by consumers about online privacy.   

About BBB National Programs:  BBB National Programs is where businesses turn to enhance consumer trust and consumers are heard. This independent, non-profit organization enhances trust, innovation, and competition in the marketplace through the development and delivery of cost-effective, third-party self-regulation, dispute resolution, and accountability programs. BBB National Programs’ 10 leading industry self-regulation and dispute resolution programs resolve business issues of national and international importance, and fosters industry best practices in truth-in-advertising, child-directed marketing, data privacy, and dispute resolution. To learn more about industry self-regulation, visit bbbprograms.org.   

 

Privacy Watchdog Brings Popular Exercise and Healthcare Apps into Compliance with Digital Advertising Best Practices

For Immediate Release 

Contact: Abby Hills, Director of Communications, BBB National Programs 

301.412.7769 / ahills@bbbnp.org  

 

Arlington, VA – July 8, 2020 – BBB National Programs’ privacy watchdog, the Digital Advertising Accountability Program (DAAP), today released two new data privacy cases for popular mobile apps from GoodRx and Rock My World, issuing recommendations and outlining actions taken to date to bring these companies into compliance with the Digital Advertising Alliance’s Self-Regulatory Principles.

As a result of DAAP’s in-house technical monitoring of the mobile app marketplace and the open web, GoodRx, the creator of the eponymous price tracking app that offers free prescription prices and coupons, and Rock My World, the publisher of the music and exercise app Rock My Run, each updated their privacy disclosures to meet interest-based advertising data privacy requirements.  

DAAP identified digital ad companies on the GoodRx website collecting cookie data for possible interest-based advertising purposes. DAAP extended its network traffic analysis of GoodRx to its app and found that mobile device identifiers were collected by third-party ad partners of GoodRx. At this point DAAP reached out to GoodRx, informing the app creator of steps it would need to take to make these practices compliant and fair to website and app users.  

GoodRx swiftly implemented all DAAP’s recommendations to make information about its privacy practices more accessible, including:  

 

  •  Incorporating an up-front “enhanced notice” link on every page where third parties collect cookie data on GoodRx’s website, which leads directly to a description of this activity and a link to industry-developed opt-out tools.  

  • Adding a jump link to the top of its privacy policy that mobile device users can follow to learn more about GoodRx’s advertising practices.  

  • Adding a statement of adherence to the DAA Principles to its privacy disclosures. 

 

DAAP conducts testing of popular mobile apps available on major platforms, sending letters to app publishers where it finds a gap in compliance with best privacy practices. After receiving a DAAP inquiry letter about third parties collecting mobile device identifiers through its app, Rock My World followed DAAP’s recommendations to comply with behavioral advertising data privacy requirements.  

Rock My World updated its privacy policy to add a notice about targeted advertising that includes a privacy opt-out tool and ensured that users receive “enhanced notice” of third-party data collection by adding a jump-link to the top of its privacy policy pointing users to this disclosure. In addition, Rock My World disabled the collection of precise location data from its app to ensure that third parties do not receive this sensitive data.  

Today’s case release represents DAAP’s 119th public action since the program began its self-regulatory mission in 2011. 

 

### 

 

About the Digital Advertising Accountability Program: The Digital Advertising Accountability Program (DAAP), a division of BBB National Programs, was developed by the Digital Advertising Alliance (DAA) to enforce industry self-regulation principles for data privacy in online and mobile advertising, holding companies accountable to the DAA’s Privacy Principles. DAAP provides guidance to companies looking to comply with industry principles and responds to complaints filed by consumers about online privacy.   

About BBB National Programs:  BBB National Programs is where businesses turn to enhance consumer trust and consumers are heard. This independent, non-profit organization enhances trust, innovation, and competition in the marketplace through the development and delivery of cost-effective, third-party self-regulation, dispute resolution, and accountability programs. BBB National Programs’ 10 leading industry self-regulation and dispute resolution programs resolve business issues of national and international importance, and fosters industry best practices in truth-in-advertising, child-directed marketing, data privacy, and dispute resolution. To learn more about industry self-regulation, visit bbbprograms.org.   

 

Blog

A Cashless Future

How close are we from entering into a world where cash is no longer accepted? Do we truly understand the benefits and implications of completely going cashless and relying solely on financial transactions that are intimately connected with our data? Dr. Shelle Santana, Associate Professor at the Harvard University Business School, answers these questions and more on this episode of the >Better Series podcast.
Read more
Blog

All Things CCPA

After years of debate, discussion, and revisions, the California Consumer Privacy Act (CCPA) -- a law that gives consumers a wide range of rights and creates a series of obligations for businesses -- finally began enforcement on July 1st. Cobun Zweifel-Keegan, Deputy Director of BBB National Programs' Privacy Initiatives, joined Julian Flamant, Associate at Hogan Lovells US LLP, and Heather Federman VP of Privacy and Policy at BigID to discuss what the CCPA means for businesses inside and outside of California.
Read more
Blog

Schrems II: What Do Privacy Shield Businesses Need to Know?

The July 16 decision from the CJEU, known as Schrems II, addressed two mechanisms for transferring EU individuals’ personal data outside the EU. As the situation continues to develop, and before making changes to their practices around international data transfers, businesses should pause to review their data flows, contracts, and substantive commitments, and their current chain of compliance and accountability for data received from the EU.
Read more
Blog

Contact Tracing and Tech: An International Comparison

To confront coronavirus, governments across the globe have devised approaches for tracing its spread and quarantining individuals known to be carriers, also known as “contact tracing.” While almost all strategies rely on traditional means of contacting and recording the movements of infected individuals, many employ modern communications technologies: sensors, Bluetooth, GPS, thermal recognition, facial-recognition, and geofencing.
Read more

Media Inquiry

*Required fields