The Digital Advertising Alliance (DAA), a self-regulatory organization that has established and enforces responsible privacy practices across industry for relevant digital advertising, has begun to enforce its Principals applicable to “interest-based” advertising in the mobile context.
Independent oversight of the DAA Principals is conducted by The Council of Better Business Bureaus (CBBB) and the Direct Marketing Association (DMA) through the Online Interest-Based Advertising Accountability Program (the Accountability Program).
The recent decisions of the Accountability Program are a helpful roadmap for best practices to avoid unwanted scrutiny on how a mobile app should comply with DAA Principals – and privacy rules generally applicable in the United States. Read more>
In particular, the Accountability Program has found a few Apps that had not been adequately providing the required “notice and choice” for the use of digital trackers in the mobile environment. Furthermore, as some of the Apps under review appeal to children under the age of 13, these Apps agreed to adopt “age gates” in order to come into compliance with the DAA Principals, because the data tracking techniques used for interest-based advertising purposes may be permissible for adults – but not for children under the Children’s Online Privacy Protection Act (COPPA).
Enhanced Notice of Tracking Activities
What to Do About Under Age Visitors
While many apps and sites are targeted at a general audience, the COPPA rules are quite strict about requiring parental consent to collect personal information – including the persistent identifiers used for targeted advertising purposes – from visitors who are actually known to be under 13 years old, or from visitors to sites directed at children.
In its recent decisions, the Accountability Program required the use of age gates to prevent the impermissible collection of information from children by two apps that claimed to be of general interest, but appeared to have substantial appeal to children.
In determining that the apps were directed at children, the Accountability Program looked at various aspects, including the nature of the apps – one focuses on the exploits of a cartoon mouse with exaggerated features which inhabits a colorful, cartoon environment – the other a car being chased by a police car in a colorful cartoonish environment, as well as the App Store ratings – one was given a 4+ rating and the other a 9+ rating, meaning the game is suitable for ages 4 and over or 9 and over.
In order to bring the apps into COPPA compliance, the owners of these apps agreed to implement an age-screening gate so that the app would no longer itself – or permit third parties to – collect interest-based advertising data from visitors under 13.
Adopt Best Practices
Distributors of mobile apps should consider adopting these steps that the Accountability Program has required – to assure compliance with the DAA’s self-regulatory requirements (including the COPPA requirements), as well as provide a valuable baseline in the event that the FTC or other regulators take a more stringent view of the required privacy notifications.
This is an area of rapidly changing requirements, and app distributors may be unaware of the extent of the data tracking they are enabling on the apps they distribute. A savvy app distributor would be smart to comply with these DAA requirements, and be well positioned as the rules continue to evolve.