The self-regulatory group Digital Advertising Alliance is poised to release new mobile privacy standards. The standards, which could be unveiled as soon as next week, are expected to be consistent with the DAA's long-standing guidelines requiring members to notify consumers about online behavioral targeting, but updated with new mobile-specific rules.
According to people familiar with the final or near-final draft, the new standards will address targeting ads based on information collected across apps, and would allow consumers to opt out. The mobile rules also are likely to require companies to obtain users' opt-in consent before collecting some information, like address-book data.
The DAA hasn't yet responded to Online Media Daily's request for comment, but the DAA is not expected to require members to implement the new rules immediately.
One privacy challenge presented by mobile platforms is that devices tend to be tied to specific individuals, which means that data linked to those devices isn't necessarily "anonymous." For that reason, the new rules are likely to encourage companies to take steps to de-identify information.
Another privacy challenge is that opting out of mobile targeting can be clunky. In the past, some individual mobile networks have allowed
consumers to opt out by providing their phones' device identifiers -- or unique character strings. The ad networks then keep records of which devices have opted out of online behavioral
advertising.
Apple users also have the option of activating a "limit ad tracking" setting, which conveys to networks that users don't want to be tracked. The company also recently started limiting developers' ability to access unique device identifiers. Instead, Apple now offers "advertising identifiers" -- which consumers can control by resetting or deleting. But some developers still have access to the old UDIDs, which can be used for tracking. And even without access to the UDIDs, companies can identify devices through other characteristics.
The DAA's new standards will come at a time of increased regulatory scrutiny of how companies collect and use data -- particularly data gathered through mobile devices. The Federal Trade Commission and California Attorney General have weighed in with recommendations regarding mobile privacy. In the last year, the Commerce Department has convened several meetings between a broad array of online companies and advocates, in an attempt to forge a consensus on mobile privacy guidelines.
Several app developers, including Path and Hipster, were recently accused of uploading users' address books without their permission. The mobile social network Path recently agreed to create a comprehensive privacy policy to settle FTC charges stemming from the alleged uploads. Path also agreed to pay $800,000 to settle separate allegations that it violated the Children's Online Privacy Protection Act by collecting personal data from children under 13.
Good piece and very topical it is about time this issue was addressed.