The Digital Advertising Accountability Program, which enforces privacy principles for digital advertising, issued a compliance warning to advertisers regarding device fingerprinting. This warning is worth keeping in mind, since the “fingerprinting” practice is rising in more and more industries.
Continue Reading DAA Issues Warning On Device Fingerprinting
The Belgian Data Protection Authority (APD) recently released a draft decision imposing a €250,000 fine ($285,000) on the provider of a consent mechanism that operates within a real-time ad bidding program. The ad bidding program, OpenRTB, allows advertisers to place online ads through an automated online auction of available ad space. Thousands of advertisers can bid on space in real time, through a fairly complex process involving many different entities (a schematic of the process was included by the ADP in its decision on page 9). The case first arose in 2019, and after several interim decisions the ADP has now held in this draft decision, among other things, a two month deadline for IAB Europe to present a remediation plan to the ADP. The case was one with cross-Europe impact, and thus the ADP’s decision has been sent to its European counterparts for feedback.
Continue Reading Interactive Advertising Bureau of Europe Fined By Belgian DPA for GDPR Violation
The ICO first began its examination of Bounty UK Ltd. (a support club for parents) when the ICO was investigating the data brokerage industry generally, of which it viewed Bounty as taking part (given that it shared member information with third parties like Acxiom and Equifax). Here, in reaching its conclusion that the company had violated UK privacy laws, the ICO found the volume of sharing in which Bounty engaged “unprecedented,” and accused the company of both “careless data-sharing” as well as violations of the UK law that pre-dated GDPR (the violation having occurred prior to the law’s May 2018 implementation date). Interestingly, the violation has been described by commentators as a “data breach,” although it did not involve the typical “hacker” scenario that one thinks of when contemplating a breach. Instead, the company collected information and shared it with third parties without appropriate notice and consent.
Continue Reading UK ICO Fines Parenting Club £400,000 Over Breach Involving PII of Mothers and Babies
The Better Business Bureau’s Online Interest Based Advertising Accountability Program announced that that it will require interest-based video ads to provide notice and choice to viewers as of April 1, 2018, as we reported in our Advertising blog, in compliance with the Digital Advertising Alliance’s self-regulatory principles for interest-based advertising. As providers of interest-based video ad networks and services gear up for the deadline, there are three core areas to think about. First, the basics, are you engaging in interest-based advertising in the serving of your video ads? Now is the time, in advance of the April 1 date, to have these conversations with your business teams. Second, if the answer is yes, how are users being provided with notice? Is the notice compliant with the DAA Principles? For example, is it up-front? Does it direct users to a location where they can get more detailed information about your activities? Third, how are users being provided with choice? For those who engage in other types of interest based advertising, these steps will sound familiar. But expanding the conversation with marketing to video advertising may be new.
Continue Reading How to Prepare Interest-Based Video Ads for the April 1 Deadline
Enforcement of the Digital Advertising Alliance “Application of the Principles of Transparency and Control to Data Used Across Devices” (DAA Cross-Device Principles) officially began on February 1, just a week after the FTC issued a staff report discussing the application of the FTC Online Behavioral Advertising Principles in the context of “Cross Device Tracking” and suggesting that the DAA Cross-Device Principles, while commendable, could be stronger.
Continue Reading FTC / DAA Extend Data Privacy Focus to Cross-Device Tracking