====== 351 ======

12

Digital Advertising Alliance, Application of the Self-Regulatory Principles of Transparency and Control to Data Used Across Devices (November 2015)

Submitted by

Noga Rosenthal

Epsilon/Conversant

Reprinted with permission.

If you find this article helpful, you can learn more about the subject by going to www.pli.edu to view the on demand program or segment for which it was written.

 

====== 353 ======

====== 354 ======

====== 355 ======

Application of the DAA Principles of Transparency and Control to Data Used Across Devices

Overview

This guidance explains how the existing Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising (“OBA Principles”) and Multi-Site Data (“MSD Principles”), and the Application of the Self-Regulatory Principles to the Mobile Environment (“Mobile Guidance”) (collectively, the “Principles”) apply to the practice of using Multi-Site Data and Cross-App Data collected from a particular browser or device for use on a different computer or device.

The OBA Principles set forth guidance for when data is collected and used to predict user preferences or interests to deliver advertising to that specific computer or device on which such data was collected.1

Subsequent to the adoption of the OBA Principles, the DAA adopted the MSD Principles in November of 2011 to extend the choice provided for OBA beyond advertising to all uses of Multi-Site Data with enumerated purpose limitations. The MSD Principles are built off

====== 356 ======

of the OBA Principles and by extension also limit the corresponding choice to consumers that was extended to Multi-Site Data to data used on the specific computer or device on which such data was collected.2

As the adoption and use of devices has exploded in recent years, so have the practices and benefits to consumers of integrating and using data collected across devices.3 This guidance is intended to clarify how the Transparency and Consumer Control principles apply to the use of Multi-Site Data and Cross-App Data across devices. The limitations and restrictions set forth in this document are within the scope of the Digital Advertising Alliance accountability programs.

 

====== 357 ======

Transparency

In providing Transparency as set forth in the existing Principles, entities collecting Multi-Site Data and Cross-App Data from a particular browser or device for use on a different computer or device should include in the notice on their own Web sites that describes their data collection and use practices the fact that data collected from a particular browser or device may be used with another computer or device that is linked to the browser or device on which such data was collected, or transferred to a non-Affiliate for such purposes.4 Likewise, the Transparency should include a description of the fact that exercising choice through the consumer choice mechanism limits such collection and use as set forth in the Control Section.5

When data is collected or used on a Web site or through an application, consistent with the existing principles, the First Party should provide a clear, meaningful, and prominent link to a disclosure that either links to the industry developed Web site(s) or choice mechanism that provides control consistent with this guidance or that individually lists Third Parties engaged in the collection of Multi-Site or Cross-App Data through its Web site or application.6

 

====== 358 ======

Control

The choice made by consumers as set forth in the existing Principles regarding the collection and use of data for purposes other than those set forth in the sections on Purpose Limitations,7 also applies to:8

The collection of Multi-Site Data on the browser, or Cross-App Data on the device, on which choice is being exercised, for use on another computer or device that is linked with the browser or device on which the choice is being exercised;

The use of Multi-Site Data or Cross-App Data on the browser or device on which choice is being exercised when that data was collected on another computer or device that is linked with the browser or device on which choice is being exercised; and

The transfer to a Non-Affiliate of Multi-Site Data and/or Cross-App Data collected from the browser or device on which choice is being exercised.9

* * *

====== 359 ======

====== 360 ======

1.

See definition of Online Behavioral Advertising, Self-Regulatory Principles for Online Behavioral Advertising at p. 10(G).

2.

See Multi-Site Principles at p. 1. In 2013, DAA issued guidance on the application of the Principles to the mobile environment, See Application of Self-Regulatory Principles to the Mobile Environment (2013) (“Mobile Guidance”) available athttp://www.aboutads.info/DAA_Mobile_Guidance.pdf.

3.

As described in the DAA Principles, the relevant Transparency and Consumer Control requirements apply to an entity’s collection or use of Multi-Site Data and/or Cross-App Data, whether or not that collection or use occurs on a single device or across multiple devices, and also apply to the extent Multi-Site Data and/or Cross-App Data is combined with data that is outside the scope of the DAA Principles.

4.

Consistent with the OBA Principles, MSD Principles, and Mobile Guidance, this notice should be provided on a Third Party’s own Web site(s) or accessible from application(s) from or through which they collect Cross-App Data (see OBA Principles at p. 12; Mobile Guidance at p. 14). This notice should also indicate the Third Party’s collection and use of Precise Location Data for use across devices. Consent for the collection and use of Precise Location Data should encompass the collection of Precise Location Data from a device for use on another computer or device that is linked to the device where Consent is obtained.

5.

Consistent with the existing DAA Principles, Third Parties should provide Enhanced Notice with respect to this notice as set forth in the OBA Principles and Mobile Guidance (see OBA Principles at p. 13; Mobile Guidance at pp. 14-15).

6.

See OBA Principles at p. 35. Consistent with the existing DAA Principles, a Website does not need to include such a link in instances where the Third Party provides Transparency as described in OBA Principles II.A.2(a).

7.

MSD Principles at pp. 1-2 and Mobile Guidance at pp. 30-31.

8.

This control provision does not address choice with regard to the creation of a “graph.”

9.

Consistent with the DAA Principles, a Third Party that provides consumers access to a mechanism or setting offered by a platform or operating system that provides the ability to exercise choice with respect to Cross-App Data in a manner consistent with this guidance document satisfies this guidance. (See Mobile Guidance at p. 19). An entity cannot avoid the Principles’ Transparency and Consumer Control obligations by transferring data to an Affiliate for use by that Affiliate or by using the data on a different browser or device than the browser or device on which it was collected. Additionally, choice under this guidance document applies to future data collection, use, and transfer for purposes other than those set forth in the sections on Purpose Limitations.