PRIVACY ON THE MOVE
DURING THIS SESSION, WE WILL DISCUSS…
• The growth of mobile ad-serving
• How mobile ad-serving works and how it
differs from other online advertising
• The EU legal framework for mobile ads
• The US legal framework
• Practical challenges and how industry may
overcome them
YOUR SPEAKERS
Ruth Boardman
Co-head, International Privacy
& Data Protection Practice,
Bird & Bird
Nick Stringer
Director of Regulatory Affairs,
IAB UK
Dustin St. Clair
Yahoo! Europe (UK & Ireland)
Legal Counsel
Dana Rosenfeld
Chair, Privacy and Information
Security Practice
Kelley Drye & Warren LLP
MOBILE IS NOW 16% OF DIGITAL AD SPEND…
SOURCE: IAB / PwC Digital Adspend Full Year 2013
0.8% 1.1% 2.0%
4.2%
9.7%
16.3%
2008 2009 2010 2011 2012 2013
17% of total search (2012 12%)
23% of total display (2012 10%)
0.3% of total classifieds (2012 0.2%)
…REFLECTING USER BEHAVIOUR
Methodology
Qual:
• Mobile Aquarium - over 600 moments
captured
• FishEye™ cameras & interviews
Quant:
• 1376 smartphone owners
How do consumers use their devices?
1. There’s no downtime anymore and people use
multiple screens at the same time
2. Brands should not be overfamiliar too soon –
treat early contact as a first date
Happy to receive personalised suggestions from
companies?
Two key insights (there’s lots more!)
www.iabuk.net/research/realview
What do we mean by "mobile"?
MOBILE WEB
• Browser based
APPS FOR MOBILE / TABLET
AD SERVING FOR MOBILE – WHAT IS THE DELIVERY
MECHANISM?
Mobile web v in-app advertising
Mobile web
similar standards for mobile web ad serving as
desktop
Parity across browsers
Advertising in apps
different technology to mobile web
SDKs – what are they and what do they do?
AD CUSTOMISATION
How does it work on desktop?
Basic demographic targeting (where
available)
Interest based advertising
Principal technology used to customize
advertising?
cookies
AD CUSTOMISATION - MOBILE
Inputs for mobile advertising
- Contextual advertising
- Information obtained from device (with
consent) (apps and mobile web)
- Platform based
- Interest based advertising (but using
cookies alone for this is challenging)
AD CUSTOMISATION - MOBILE
Mobile web v App advertising
Mobile web
“Cookies don’t work on mobile”?
Not true – but there are challenges with
their use: • Different mobile browsers handle cookies differently
• Persistency
• Defaults settings vary across browsers –
– Impact on third parties
– Impact on ad networks
• Control mechanisms?
AD CUSTOMISATION – MOBILE (2)
Advertising in apps
Sandboxed environment
Cookies?
Within the web view – the online content
which is displayed within a user's device
However
Cookies can't be shared by an app with other
apps
Can't be shared with the mobile device
OTHER (NON-COOKIE) CUSTOMISATION TOOLS
Logged-in v non-logged in
Device identifiers
– Apps only
– iOS v Android
• ADFA (Apple)
• Android ID (Google)
– Persistency and control
Data Protection
"identifiable" data: "the
possibility of identifying an
individual no longer
necessarily means the ability
to find out his or her name"
(WP29)
Right to object (if direct marketing)
Notice
Cookies
"Storing of information, or the
gaining of access to
information already stored, in
the terminal equipment of a
subscriber or user"
Consent
Traffic & Location Data
Processed in an electronic
communications network
Data
Protection
Cookies Location data
Cookies / ? X
SDK / ? X
Apple IDFA / ? ? X
Other device ID / ? ? X
MAC address / ? ? X
Browser fingerprint / ? ? X
U.S. LEGAL FRAMEWORK
• Federal: sectoral-specific laws
– FTC Act (Section 5); COPPA; HIPAA; GLBA; ECPA; FCRA
• State:
– General consumer protection laws and “baby” FTC Acts
– Disclosure/sharing
– Safeguard laws
– SSN protection
– Disposal
– Breach notification laws
• Self-regulation
U.S. LEGAL FRAMEWORK: STATE
• General consumer protection laws and “baby” FTC Acts
• Disclosure/sharing (e.g., CA Shine the Light law; Online Privacy Protection Act) – New Amendment to CA Online Privacy Protection Act - DNT
• Safeguard laws – Massachusetts standards
– PCI DSS codification (Nevada, Minnesota, Washington)
• SSN protection
• Disposal
• Breach notification laws
FTC BUSINESS GUIDANCE – MOBILE DISCLOSURES
MOBILE DISCLOSURE ENFORCEMENT ACTIONS
FTC STAFF REPORT: MOBILE PAYMENTS
MOBILE PAYMENTS ENFORCEMENT & LITIGATION
DO NOT TRACK
• Consumers still await an effective and
functioning do-not-track system, which is
now long overdue.” – Chairwoman Ramirez
SELF-REGULATION: OBA GUIDANCE FOR MOBILE
• Guidance released in 2013 by DAA and NAI
– Applies to the collection of data across mobile apps and web browsing
– Incorporates the same concepts of notice and consent
– Implementation difficulties due to lack of standardized technology across mobile devices/platforms (e.g., cookies are not universally used or recognized)
• CBBB Accountability Program published Compliance Warning letter in October 2013
SELF-REGULATION: CARU
• 3/2014 - first CARU case involving mobile app – Ads presented in manner
which blurred distinction between ad and content
• Operator should implement neutral age-screening process prior to allowing “child-mode” to be turned off
• Link to social networks should be removed
SELF-REGULATION: NTIA CODE OF CONDUCT
• NTIA privacy multistakeholder process
– Followed White House’s release of Consumer Privacy Bill of Rights in February 2012
• Draft Short Form Notice Code of Conduct
– Released July 25, 2013
– Provides guidance regarding short-form notices about collection and sharing of consumer information with third parties
– Stakeholders agreed to begin reviewing, testing, and implementing the code
KEY TAKEAWAYS FOR MOBILE ADVERTISING
1. Privacy by design
2. Clear, conspicuous privacy policies
3. Transparency
4. Notice and consent – Just-in-time disclosures to obtain “affirmative
express consent” for any sensitive information (e.g., geolocation)
5. Special considerations for children’s apps
6. Say what you do and do what you say!
GREATER TRANSPARENCY & CONTROL FOR CONSUMERS…
WHAT DOES IT MEAN?
• Adapting the existing self-regulatory
principles for the mobile environment
• This means accounting for different data
sets:
– Mobile web browsing data
– In-app (and cross-app) data
– Location data
OUR CHALLENGES
• Mobile is a very personal device – a challenge for
advertising per se
• Screen size – the principles of transparency and control
apply, but does the icon?
• New data sets – mobile web browsing is the same as in
desk top but app and location data may require a
different approach
• Technology – cookies don't work in apps. This is a
commercial challenge as well
THANKS!
Questions