BBB National Programs Newsroom

Privacy Watchdog Finds T-Mobile in Substantial Compliance with Advertising Privacy Best Practices

For Immediate Release
Contact: Abby Hills, Director of Communications, BBB National Programs

703.247.9330 / press@bbbnp.org

McLean, VA – May 2, 2022 – BBB National Programs’ data privacy watchdog, the Digital Advertising Accountability Program (DAAP), worked with T-Mobile USA, Inc. to bring it into compliance with the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles. 

DAAP monitors the digital marketplace for compliance with digital advertising best practices. As part of its ongoing monitoring activity, DAAP conducted a review of T-Mobile’s Privacy Notice, as published on its website. 

In response to publicity regarding T-Mobile’s announced changes to its Privacy Notice, DAAP found the following text prominently displayed on T-Mobile’s website: 

  • Starting April 26, 2021, T-Mobile will begin using some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services, for our own and third party advertising, unless you tell us not to.

 

In addition, T-Mobile’s Privacy Notice stated:

  • We keep this privacy notice up to date. When we make changes, we will let you know by updating the date at the top of the page. If we’re making a big change (one that is considered material), we’ll also reach out to you (e.g., by text or email or with your bill). If you keep using our products and services after we notify you of a big change, we’ll take that to mean you’re fine with it. 

 

DAAP’s investigation concerned whether, in announcing and implementing these material changes to its Privacy Notice and data collection and use practices, T-Mobile was complying with the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. This examination required consideration of T-Mobile’s obligations depending on what role it was playing, i.e., whether it was a service provider, a first party, or a third party, as described in the DAA Principles. 

Regarding the material change to its interest-based advertising practices, DAAP concluded that because T-Mobile did not apply the material change retroactively to prior-collected data, it did not need to obtain consent to the change. However, DAAP recommended, and T-Mobile agreed, that T-Mobile change the wording of its privacy policy to make it clear that it was not using prior-collected data for IBA and that if it decided to do so in the future, it would first obtain consumers’ consent.

DAAP also concluded that T-Mobile is not a service provider (i.e., an entity that collects data from all or substantially all URLs traversed by its customers’ web browsers) in the context of this newly-announced service, because it does not engage in such data collection. But because T-Mobile’s Privacy Notice stated that it does engage in such data collection, DAAP recommended, and the company agreed, that the inaccurate reference to web browsing activity be removed from the Privacy Notice.

Next, DAAP considered T-Mobile as a first party that has control over some apps with which the consumer interacts and from which data is used for IBA, but concluded that because T-Mobile has not authorized third parties to collect data directly from such apps, it is not obligated to provide notice to consumers about this use in its role as a first party.

Finally, T-Mobile indicated that it collects and uses cross-app data as a third party, subjecting it to the pertinent requirements of the DAA’s Mobile Guidance. Specifically, T-Mobile would be required to provide clear, meaningful, and prominent notice of the types and uses of data collected. DAAP concluded that T-Mobile’s notices were not sufficiently clear in delineating the types of data collected and the different uses of the data. In response, T-Mobile increased the clarity of its disclosures by expanding and better stratifying its IBA disclosures, helping consumers better understand what data it collects and for which purposes certain data types are used. 

All BBB National Programs case decision summaries can be found in the case decision library. For the full text of DAAP decisions, visit the DAAP Decisions and Guidance webpage.

Privacy Watchdog Finds T-Mobile in Substantial Compliance with Advertising Privacy Best Practices

For Immediate Release
Contact: Abby Hills, Director of Communications, BBB National Programs

703.247.9330 / press@bbbnp.org

McLean, VA – May 2, 2022 – BBB National Programs’ data privacy watchdog, the Digital Advertising Accountability Program (DAAP), worked with T-Mobile USA, Inc. to bring it into compliance with the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles. 

DAAP monitors the digital marketplace for compliance with digital advertising best practices. As part of its ongoing monitoring activity, DAAP conducted a review of T-Mobile’s Privacy Notice, as published on its website. 

In response to publicity regarding T-Mobile’s announced changes to its Privacy Notice, DAAP found the following text prominently displayed on T-Mobile’s website: 

  • Starting April 26, 2021, T-Mobile will begin using some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services, for our own and third party advertising, unless you tell us not to.

 

In addition, T-Mobile’s Privacy Notice stated:

  • We keep this privacy notice up to date. When we make changes, we will let you know by updating the date at the top of the page. If we’re making a big change (one that is considered material), we’ll also reach out to you (e.g., by text or email or with your bill). If you keep using our products and services after we notify you of a big change, we’ll take that to mean you’re fine with it. 

 

DAAP’s investigation concerned whether, in announcing and implementing these material changes to its Privacy Notice and data collection and use practices, T-Mobile was complying with the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. This examination required consideration of T-Mobile’s obligations depending on what role it was playing, i.e., whether it was a service provider, a first party, or a third party, as described in the DAA Principles. 

Regarding the material change to its interest-based advertising practices, DAAP concluded that because T-Mobile did not apply the material change retroactively to prior-collected data, it did not need to obtain consent to the change. However, DAAP recommended, and T-Mobile agreed, that T-Mobile change the wording of its privacy policy to make it clear that it was not using prior-collected data for IBA and that if it decided to do so in the future, it would first obtain consumers’ consent.

DAAP also concluded that T-Mobile is not a service provider (i.e., an entity that collects data from all or substantially all URLs traversed by its customers’ web browsers) in the context of this newly-announced service, because it does not engage in such data collection. But because T-Mobile’s Privacy Notice stated that it does engage in such data collection, DAAP recommended, and the company agreed, that the inaccurate reference to web browsing activity be removed from the Privacy Notice.

Next, DAAP considered T-Mobile as a first party that has control over some apps with which the consumer interacts and from which data is used for IBA, but concluded that because T-Mobile has not authorized third parties to collect data directly from such apps, it is not obligated to provide notice to consumers about this use in its role as a first party.

Finally, T-Mobile indicated that it collects and uses cross-app data as a third party, subjecting it to the pertinent requirements of the DAA’s Mobile Guidance. Specifically, T-Mobile would be required to provide clear, meaningful, and prominent notice of the types and uses of data collected. DAAP concluded that T-Mobile’s notices were not sufficiently clear in delineating the types of data collected and the different uses of the data. In response, T-Mobile increased the clarity of its disclosures by expanding and better stratifying its IBA disclosures, helping consumers better understand what data it collects and for which purposes certain data types are used. 

All BBB National Programs case decision summaries can be found in the case decision library. For the full text of DAAP decisions, visit the DAAP Decisions and Guidance webpage.

Blog

Are used cars covered under lemon laws?

Do your homework to make sure the used car you plan to buy is not a lemon, and if it is, does the lemon law cover it? The answer may depend on where you purchased the vehicle or where you live.
Read more
Blog

Case Study: Getting to Compliance with CARU and COPPA

In a recent case, CARU worked with TickTalk to help them achieve compliance with CARU’s Privacy Guidelines and the Children’s Online Privacy Protection Act (COPPA). CARU sat down with TickTalk once the case had closed to discuss their experience as well as some of the privacy challenges many companies face in the children’s space.
Read more
Blog

What to Know About the Georgia Lemon Law

BBB AUTO LINE provides an overview of each state’s lemon laws. In our ongoing blog series, we offer further insights on the laws for select states, and how BBB AUTO LINE can support consumers with lemon law disputes. Florida, California, and Texas have been covered. This post reviews the nuances of the lemon law in the Peachtree State – Georgia.
Read more
Blog

The TAPP Roadmap: Helping U.S. Companies Responsibly Collect and Manage Teenager Data

The TeenAge Privacy Program (TAPP) Roadmap was designed to assist any business that wishes to engage proactively with teen consumers, providing an operational framework to map the broad spectrum of potential harms impacting teens onto a concrete set of operational considerations.
Read more

Privacy Watchdog Finds T-Mobile in Substantial Compliance with Advertising Privacy Best Practices

For Immediate Release
Contact: Abby Hills, Director of Communications, BBB National Programs

703.247.9330 / press@bbbnp.org

McLean, VA – May 2, 2022 – BBB National Programs’ data privacy watchdog, the Digital Advertising Accountability Program (DAAP), worked with T-Mobile USA, Inc. to bring it into compliance with the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles. 

DAAP monitors the digital marketplace for compliance with digital advertising best practices. As part of its ongoing monitoring activity, DAAP conducted a review of T-Mobile’s Privacy Notice, as published on its website. 

In response to publicity regarding T-Mobile’s announced changes to its Privacy Notice, DAAP found the following text prominently displayed on T-Mobile’s website: 

  • Starting April 26, 2021, T-Mobile will begin using some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services, for our own and third party advertising, unless you tell us not to.

 

In addition, T-Mobile’s Privacy Notice stated:

  • We keep this privacy notice up to date. When we make changes, we will let you know by updating the date at the top of the page. If we’re making a big change (one that is considered material), we’ll also reach out to you (e.g., by text or email or with your bill). If you keep using our products and services after we notify you of a big change, we’ll take that to mean you’re fine with it. 

 

DAAP’s investigation concerned whether, in announcing and implementing these material changes to its Privacy Notice and data collection and use practices, T-Mobile was complying with the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. This examination required consideration of T-Mobile’s obligations depending on what role it was playing, i.e., whether it was a service provider, a first party, or a third party, as described in the DAA Principles. 

Regarding the material change to its interest-based advertising practices, DAAP concluded that because T-Mobile did not apply the material change retroactively to prior-collected data, it did not need to obtain consent to the change. However, DAAP recommended, and T-Mobile agreed, that T-Mobile change the wording of its privacy policy to make it clear that it was not using prior-collected data for IBA and that if it decided to do so in the future, it would first obtain consumers’ consent.

DAAP also concluded that T-Mobile is not a service provider (i.e., an entity that collects data from all or substantially all URLs traversed by its customers’ web browsers) in the context of this newly-announced service, because it does not engage in such data collection. But because T-Mobile’s Privacy Notice stated that it does engage in such data collection, DAAP recommended, and the company agreed, that the inaccurate reference to web browsing activity be removed from the Privacy Notice.

Next, DAAP considered T-Mobile as a first party that has control over some apps with which the consumer interacts and from which data is used for IBA, but concluded that because T-Mobile has not authorized third parties to collect data directly from such apps, it is not obligated to provide notice to consumers about this use in its role as a first party.

Finally, T-Mobile indicated that it collects and uses cross-app data as a third party, subjecting it to the pertinent requirements of the DAA’s Mobile Guidance. Specifically, T-Mobile would be required to provide clear, meaningful, and prominent notice of the types and uses of data collected. DAAP concluded that T-Mobile’s notices were not sufficiently clear in delineating the types of data collected and the different uses of the data. In response, T-Mobile increased the clarity of its disclosures by expanding and better stratifying its IBA disclosures, helping consumers better understand what data it collects and for which purposes certain data types are used. 

All BBB National Programs case decision summaries can be found in the case decision library. For the full text of DAAP decisions, visit the DAAP Decisions and Guidance webpage.

 

 

Media Inquiry