Testimony: DAA Program Assigns Heightened Protection to Location Data; Self-Regulation Can Adapt

June 5, 2014

The Digital Advertising Alliance recognizes that location data requires heightened safeguards in mobile environments if we are to maintain consumer trust in this fast-growing advertising medium. This is why the DAA Principles and our guidance for adherence on mobile platforms (which was released almost a year ago) require companies to obtain consent before collecting and transferring precise location data from individuals, and that users be able to revoke that consent at any time. The DAA program is a living example of how sensitive issues like location data can be addressed through a robust, enforceable self-regulatory framework while still allowing for innovation and the ad-funded support of content and services we all enjoy in the multi-screen world.

Essentially this was my message June 4, when I testified before the Senate Judiciary Committee's Subcommittee on Privacy, Technology and the Law – articulating marketers' proactive views on adopting and strengthening our code of conduct for location-based marketing purposes. A copy of our full written testimony is available here. In addition, our oral testimony can be found here. And, a recording of the hearing can be found here (DAA begins speaking at 1:22):
http://www.judiciary.senate.gov/meetings/the-location-privacy-protection-act-of-2014

The hearing was called in conjunction with recently introduced legislation, The Location Privacy Protection Act of 2014. As a self-regulatory body DAA doesn't take a position on legislation, although our initial read suggests that the measure is consistent with our Principles. As I testified, self-regulation has proven to be an agile, effective tool for regulating legitimate business activity on the Web, but it is not intended to prevent criminal activity: "Of particular relevance to this hearing, cyberstalking is a serious issue but criminal activity is separate and apart from the legitimate commercial uses of data covered by DAA. I want to note DAA's stringent requirements for the collection and use of precise location data for commercial purposes."

The proactive efforts our industry has undertaken to anticipate and address relevant advertising enabled by precise location – and the inclusion of consumer consent to enable such marketing activity – is exactly the type of foresight and flexibility that balances privacy and innovation, and enables a thriving, competitive marketplace that serves brands and consumers. In testimony, DAA stated:

"We believe the DAA is a model example of how interested stakeholders can collaborate across the ecosystem to provide meaningful and pragmatic solutions to complex privacy issues, especially in areas as highly dynamic and evolving as mobile advertising."

Among the benefits of interest-based advertising which we articulated:

  • "Advertising fuels [a] powerful Internet economic engine."
  • "Because of advertising, consumers can access a wealth of online and mobile resources at low or no cost."
  • "Interest-based advertising is an essential form of online and mobile advertising. Consumers are more likely to find interest-based advertisements more relevant to them, and advertisers are more likely to attract consumers that want their products and services."
  • "Smaller website publishers that cannot afford to employ sales personnel to sell their advertising space, and may be less attractive to large brand-name advertising campaigns, can increase their revenue by featuring advertising that is more relevant to their users."

We also stated the power and benefits of self-regulation in our dynamic marketing environment:

  • "For our information-driven economy to thrive and continue as an engine of job creation, self-regulation led by industry codes of conduct is the ideal way to balance privacy and innovation."
  • "The DAA is concerned that laws and regulations are inflexible and can quickly become outdated in the face of extraordinarily rapidly-evolving technologies."
  • "Laws and regulations can also serve as a disincentive to the marketplace to innovate in the area of privacy. Companies are increasingly offering consumers new privacy features and tools such as sophisticated preference managers, persistent opt-outs, universal choice mechanisms, and shortened data retention policies."
  • "The DAA believes that this impressive competition and innovation should be encouraged. New laws or rules could impede future developments or discourage companies from continuing to compete over privacy features."
  • We also welcomed that the Federal Trade Commission testified, as it has been a supporter of the DAA program. Jessica Rich, who is Director, Bureau of Consumer Protection, FTC, and who will provide the Policy Maker Keynote Speech at the DAA Summit in San Francisco on June 26 [register here, first registration from a DAA participant is free], noted recently: "Finally, we will continue to support robust self-regulation. We have seen some promising developments on this front – including the efforts undertaken by the Better Business Bureau enforce the online advertising principles of the Digital Advertising Alliance (DAA) – and we want those efforts to continue."[1]

We shared with the Senate subcommittee updates on the DAA Icon, Consumer Choice Page for desktop environments, and our plans to bring such a choice tool (codenamed among ourselves as "Sunrise") to cross-app mobile platforms this year. Importantly, we also talked about enforcement – and Senators asked questions about the cases that have been brought to date by our enforcement partners.

And since the hearing was dedicated to precise location matters, we said: "The [DAA] Mobile Guidance squarely addresses control over Precise Location Data – data obtained from a device about the physical location of that device that is sufficiently precise to locate a specific individual or device – requiring entities collecting such data to obtain consumers' consent, or obtain reasonable assurances that the app developer or owner has obtained consent to the third party's data collection, use, and transfer. In addition, the DAA program requires companies to provide an easy-to-use tool to withdraw consent at any time."

We also stated the requirements of first parties and third parties as they pertain to notice, enhanced notice (meaning beyond the privacy policy) and consent.

We're thankful to Senators Al Franken (D-MI) and Jeff Flake (R-AZ) for holding the hearing, and for providing DAA an opportunity to share the real success and flexibility of the self-regulatory model.

[1] http://www.ftc.gov/sites/default/files/documents/public_statements/privacy-today-ftcs-2014-privacy-agency/131206privacytodayjrich.pdf

Back to Top