The Advertising Self-Regulatory Council (ASRC) recently found that three app publishers were non-compliant with self-regulatory standards set forth by the Digital Advertising Alliance (DAA). The actions represent the first time the ASRC has enforced the DAA’s self-regulatory principles against developers of mobile applications.
According to the ASRC, mobile app company Spinrilla failed to comply with notice and consent requirements before allowing third parties to collect precise location data for use in interest-based advertising, while Top Free Games and Bearbit Studios permitted third parties to collect persistent identifiers from child-directed apps, which would also constitute a violation of the Children’s Online Privacy Protection Act. All three companies have changed their privacy practices in response to the scrutiny from the ASRC.
The DAA first issued mobile guidance with user notice and consent requirements in 2013 but indicated that it would allow an “implementation phase” before beginning enforcement. In 2015, the DAA announced that any entity engaged in interest-based advertising or the collection and use of certain mobile data had to comply with its self-regulatory principles. And in May 2016 at a DAA conference, a Federal Trade Commission (FTC) associate director praised self-regulatory regimes such as the DAA’s but noted that the FTC would like to see an expansion of the definition of sensitive data and a narrowing of the exceptions for compliance with the principles.
These actions should put companies on notice that enforcement of the DAA mobile standards has officially begun.
Richard S. Eisert is co-chair of the Advertising, Marketing & Promotions Practice Group and a partner in the Digital Media, Technology & Privacy Practice Group at Davis & Gilbert LLP. He may be reached at 212.468.4863 or firstname.lastname@example.org.
Vejay G. Lalla is a partner in the Digital Media, Technology & Privacy Practice Group at Davis & Gilbert LLP. He may be reached at 212.468.4975 or email@example.com.