Compliance Concerns behind the Phenomenon of Cross-Device Marketing

By Vejay G. Lalla and Samantha G. Rothaus

You just bought a new dress from a department store website on your laptop. Minutes later, while scrolling through your Instagram feed on your smartphone; you magically come across an ad for matching shoes from the same department store.

It turns out this familiar phenomenon is the result of advertising technology known as cross-device tracking, in which a consumer’s behavior and activity can be tracked across all of that consumer’s devices. Cross-device tracking allows marketers to target their advertising to the consumer on any platform, based on information learned about the consumer while he or she was using a different platform. It also enables marketers to utilize information about a consumer obtained from physical retail locations, or from the consumer’s wearable tech or “smart” home appliances, allowing for more targeted advertising for the consumer. In essence, cross-device tracking allows marketers to develop detailed consumer profiles on a more individualized basis, in an effort to personalize and improve the consumer experience.

While these activities may make online shopping easier (or creepier, depending on the consumer), it also raises risks that marketers need to be aware of in connection with Federal Trade Commission (FTC) regulations and consumer privacy and data security laws. Earlier this year, the FTC issued guidance on cross-device tracking, and the Digital Advertising Alliance began to enforce cross-device privacy rules of its own. Both regulatory bodies have emphasized that, in utilizing cross-device campaigns, marketers must (1) act transparently, and disclose its tracking activity to its consumers; and (2) provide consumers the choice of whether or not to allow themselves to be tracked.

The FTC has recognized that one of the challenges with this approach is that many traditional methods of opting out of advertising or data tracking (including actions like using ad blocking software or deleting cookies) do not apply across all devices, and can be impractical in real-world circumstances. Consequently, to remain compliant with federal regulations, marketers must clearly and conspicuously disclose the limits of the opt-out mechanisms they provide (such as the fact that opting out of one tracking method may not prevent the consumer’s behaviors from being tracked in other ways) so that consumers can make informed decisions.

In addition to providing transparency and choice to the public, marketers should take steps to defend against the potentially significant liabilities that could arise in implementing a cross-device campaign. Because marketers use multiple vendors in these cross-device activities (including data vendors, creative agencies and publishing partners) there are many levels at which a data breach, intellectual property violation or failure to include required disclosures or opt-out provisions could occur. Marketers should develop holistic and comprehensive compliance strategies from the outset to protect against these risks.

Vejay G. Lalla is a partner in the Advertising, Marketing & Promotions Practice Group at Davis & Gilbert LLP. He may be reached at 212.468.4975 or vlalla@dglaw.com.

Samantha G. Rothaus is an associate in the Advertising, Marketing & Promotions Practice Group at Davis & Gilbert LLP. She may be reached at 212.468.4868 or srothaus@dglaw.com.