Trends in Mobile Privacy

Mobile advertising has yet to come into its own, perhaps because advertisers are not yet sure what users will tolerate on a device actually held on the body.  Perhaps it seems more invasive because mobile advertising is capable of collecting information about users’ activities across different apps over time to deliver ads to those users based on those activities. It includes retargeting and tracking conversions,  and it may extend to any collection of information on one property to serve an ad on a different property. The data  collected is not tied to an identifiable individual but is tied to an individual device. And users are aware of being tracked across devices.

Lately, just about everyone is collecting user data for cross- device tracking, and users are not happy. The publisher collects user data from registrations and the use of the publisher’s app or site. Demand  and supply side platforms track users through their SDKs installs on the site, or receive user data from advertisers to calculate retargeting or fees. Advertisers also track user data, as do real time bidding (RTB) platforms, by which a user in a certain inventory is sold to the advertiser making the highest bid.

if this sounds awful to you, imagine how it sounds to the consumer who is being tracked for what is known as interest-based advertising. No wonder consumers opt out, forcing the FTC to make advertisers provide enhanced notice and choice.

In the mobile environment, the Digital Advertising Alliance and IAB Europe have determined to self- regulate. DAA has an opt out app that can be downloaded by consumers. There are also protections in mobile browsers to enable consumer choice. But in the EU  there are special considerations for apps and privacy.

The four key data protection risks in the EU include transparency consent, security,  and limitations on both purpose and amount of data that can be collected from an app. It is up to the consumer to control which data processing functions should be permitted: location data, contacts, credit card and payment data, browsing history.

A  company may use information collected across devices through cross device tracking software for content personalization,  interest based advertising,  fraud prevention and analytics.  In the US, opt outs are device specific but users must be provided with notice and a choice if they browsing activity on one device maybe used to deliver advertising to them on another device. In the EU, regulations are stricter: the privacy directive requires prior consent from the user for “storing for accessing information in the terminal equipment of the user.”

In the US, geolocation data can be collected only after the user is told that the data is being collected, and it may not overwrite consumer preferences. Although general geolocation derived from an IP address is not considered  “information”, it should still be disclosed in a privacy policy.

Snapchat and Path both fell afoul of this policy,  and Snapchat had to settle with the FTC over allegations that its Android app transmitted wifi and cell- based data location information from users mobile devices to its analytics tracking service provider in violation of its own privacy policy.

For that reason, although mobile marketing has many possibilities, it is wiser to leave the user in control of her own device marketing preferences.