An ad industry self-regulatory watchdog says it plans to beef up enforcement of privacy rules that require opt-in consent to tracking.
In a compliance warning issued Tuesday, the BBB National Programs' Digital Advertising Accountability Program reiterates that the industry's self-regulatory codes require consumers' opt-in consent to tracking in some circumstances. What's more, companies can't infer consent based on consumers' continued use of a service after being informed of its data collection policies, the organization says.
The watchdog adds that some companies obligated to obtain opt-in consent have instead obtained consent on an opt-out basis.
“The Accountability Program has noticed companies mistaking their provision of a notice combined with their customers’ subsequent continued use of their products or services as being tantamount to consent,” the warning states. “However, such reliance on the passive, continued use of a product or service just because it occurs subsequent in time to the delivery of clear, meaningful, and prominent notice is not sufficient to obtain consent.”
The accountability program says it will “strictly enforce” the opt-in consent requirements starting next year.
The self-regulatory codes, developed by the umbrella group Digital Advertising Alliance, specifically require “service providers” -- including broadband providers, browsers, toolbars and other companies with access to substantially all online activity -- to obtain users' affirmative consent before collecting data across sites or apps for ad targeting. The codes also require companies to obtain people's explicit consent to collect precise location information, and “sensitive” health or financial data.
The warning, while released Tuesday, was referenced earlier this year, in an opinion examining T-Mobile's data practices. That opinion came in response to reports that T-Mobile planned to draw on subscribers' web browsing history and app usage in order to serve them personalized ads, on an opt-out basis.
T-Mobile disclosed those plans in a February 2021 privacy policy update.
After the self-regulatory group launched an investigation, T-Mobile said it wouldn't use people's web-browsing history for ad targeting, and revised its privacy policy to delete references to browsing activity. The company's current policy still suggests the telecom draws subscribers' use of mobile apps for ad targeting.