This guidance explains for covered companies how the existing Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising (“OBA Principles”) and Multi- Site Data (“MSD Principles”) (collectively, the “Self-Regulatory Principles”) apply to certain types of data in the mobile Web site and application environment. This guidance responds to the fact that both First Parties and Third Parties operate across a variety of channels including mobile. The Self-Regulatory Principles apply consistently across these channels, although current implementation may vary based on the technological demands of different channels.
The existing Self-Regulatory Principles and definitions remain in full force and effect, including the purpose limitations set forth in the MSD Principles, and the commentary for such Principles also applies in the mobile Web site and application environment where relevant. For clarity and ease of use, this guidance document restates many of the standards and definitions from the OBA Principles and MSD Principles. These definitions should be interpreted consistently across channels. In the future, the DAA intends to release a consolidated set of Self-Regulatory Principles that integrates this guidance document with the OBA Principles and MSD Principles, resulting in one uniform set of Principles. Section II of this guidance clarifies that the previously-issued Self-Regulatory Principles apply to the mobile Web site environment. Due to the technical features of different types of devices and systems, the DAA recognizes that it may not be feasible to comply with the Self-Regulatory Principles on the mobile Web in the same manner as in a desktop computer environment. From time to time, the DAA may provide guidance on implementation practices.
Sections III, IV, and V of this guidance explain how the Self-Regulatory Principles apply to certain data practices that may occur on mobile or other devices. Section III sets forth how the Principles apply to data collected from a particular device regarding application use over time and across non-Affiliate applications. Section IV explains the application of the Principles to Precise Location Data – data obtained from a device about the physical location of the device that is sufficiently precise to locate a specific individual or device. Entities subject to this guidance can use multiple existing technologies to satisfy this section. Section V addresses Personal Directory Data – calendar, address book, phone/text log, or photo/video data created by a consumer that is stored on or accessed through a device.
The DAA will build on the success of its existing Web-based uniform choice mechanism by working with DAA stakeholders to develop and implement, or otherwise specify, a companion choice mechanism or setting for Cross-App Data. During this implementation phase, this guidance with respect to Cross-App Data, Precise Location Data, and Personal Directory Data will not be in effect or enforced by the DAA accountability mechanisms. After such choice mechanism is operational and the DAA has announced to covered companies that this guidance is effective and enforceable, any entity engaged in the collection and use of Cross-App Data, Precise Location Data, or Personal Directory Data after the effective date established by the DAA will be subject to the DAA accountability mechanisms for engaging in practices that do not adhere to the Self-Regulatory Principles as clarified in this guidance.