Digital Advertising Alliance Sets Sights on Mobile Consumer Privacy

The Digital Advertising Alliance (DAA), a coalition of leading advertising trade groups and companies from a variety of industries that has been advancing a self-regulatory approach to online privacy, is rolling out a set of principles to cover the mobile Web.

Formed in 2010, the DAA has pushed the Advertising Option icon to sites across the Web. That icon, which today garners some 1 trillion impressions a month, invites consumers to click to learn about the various companies involved in serving the ad, what information is being collected and how they can limit it.

The Growing Need for a Set of Privacy Guidelines for the Mobile World

Now, with smartphones becoming the device of choice for many users to access the Web, the group is planning to bring a similar set of guidelines to the mobile world.

"What we're hoping to do is basically bring that kind of transparency, that kind of control, over to the mobile Web and the mobile app environment," Lou Mastria, managing director of the DAA, said in an interview with

(International Data Group, the publisher of, is one of the companies that participates in the DAA's self-regulatory privacy framework.)

The rollout comes amid continued scrutiny into the practices of online advertisers, ad-tech companies and data brokers, with some members of Congress advocating for legislation to codify a set of privacy protections. Federal officials at the Department of Commerce and the Federal Trade Commission have also been probing industry practices.

The DAA has been an active voice in those discussions, serving as a consistent advocate for strong but self-regulatory guidelines. To critics skeptical that the industry can effectively regulate itself, the group points to its enforcement mechanism through which the Better Business Bureau (BBB) and Direct Marketing Association (DMA) hold firms to account with the threat of referring violators to the FTC or other government authorities. To date, the BBB and DMA have taken public action on 19 companies for violating the DAA's rules, each of which resulted in the firms coming into compliance, according to Mastria.

"Our enforcement authority's pretty muscular," he says.

DAA Calls for Privacy Notice and Controls Over Personal-Directory Data

Now, the group is setting its sights on the mobile Web, with plans to draft rules governing privacy notice and controls for data that is shared across multiple applications, location-based information and the photos, text logs and other content that users create--what the DAA calls personal-directory data.

The new guidelines will largely be an extension of the framework the DAA developed for the desktop, including transplanting the ad options icon to the small screen and making privacy disclosures more accessible to users.

"What we would expect to see in the next little while is the icon would be used in signaling to consumers when data is being collected in these various ways," Mastria says. "One of the big things that we do is we take privacy disclosure notices around cross-app data and we take them out of the privacy policy and put them in a highly visible area, highly visible real estate."

Today's release is just the beginning of the process. With the rollout of the principles, the DAA "is really putting everyone on notice" that new rules will be forthcoming, Mastria says. Then, between six months to a year from now, the DAA plans to publish its implementation guidelines and the rules will become enforceable. In the meantime, the trade associations that comprise the DAA will conduct what Mastria says will be a vigorous campaign of outreach and education to help their member companies prepare for the mobile privacy framework. The DAA is also planning to develop an app to help consumers manage their privacy preferences across the mobile Web.

Ahead of those more technical guidelines, Mastria says he is unable to comment on the specific mechanisms of the mobile privacy framework, but notes that its intention is effectively to give consumers the ability to shut off data sharing across multiple applications, and keep their location and personal directory data private.

The DAA says that it plans eventually to consolidate the past guidance it has offered for online behavioral advertising and data collection across multiple sites with the mobile framework for a single set of principles.

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for

Follow everything from on Twitter @CIOonline, on Facebook, and onGoogle +.

Read more about privacy in CIO's Privacy Drilldown.

Join the CSO newsletter!

Error: Please check your email address.

Tags DAASecurity | Privacysecuritymobile securityDigital Advertising Alliancemobilegovernmentprivacymobile privacyconsumer privacy

More about Direct Marketing AssociationDMAFacebookFederal Trade CommissionFTCGoogleInternational Data Group

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kenneth Corbin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts