The Online Interest-Based Advertising Accountability Program, which is responsible for implementing the “self-regulatory” Principles of the Digital Advertising Alliance, has published the outcome of two inquiries referencing advertising technology companies, Kiip and VRTCAL. In compliance with the Accountability Program’s guidelines, Kiip and VRTCAL were asked to update their privacy and opt-out settings, to establish a more secure and transparent experience for consumers.
“Making opt-out tools easy to use and ensuring they are clearly described are essential components of the DAA Principles,” said Jon Brescia, accountability program director of adjudications and technology. “We are pleased to see that Kiip and VRTCAL have taken this philosophy to heart.”
To reinforce the DAA’s Principles and confirm advertising companies are meeting requirements, the Accountability Program regularly “tests mobile apps for compliance”. During a recent analysis of an undisclosed popular dating app, it became evident that VRTCAL was collecting sensitive data for IBA, including specific user location. After further reviewing VRTCAL’s data acquisition methods and privacy policies, the Accountability Program found that the company did not fulfill DAA requirements.
According to the Accountability Program’s release, “VRTCAL immediately indicated its strong support for consumer privacy and self-regulation and worked diligently to come into compliance fully with the DAA Principles.”
The second company to receive an inquiry letter from the Accountability Program was Kiip, a mobile advertising company. Through a routine test, it was discovered that Kiip was regularly collecting data from an undisclosed exercise app.
“While similar in content to VRTCAL, the Kiip case is a continuation of the Accountability Program’s enforcement of the Cross-Device Guidance. These rules outline the industry standards for privacy when tech companies collect data across multiple devices associated with a single user, such as a laptop, smartphone, and tablet,” stated the release.
To abide by the DAA’s regulations, Kiip modified its private policy to better explain to consumers that the company has the right to collect and distribute the user’s information across multiple devices. Kiip also included clearer instructions on how to opt-out of multiple devices used to power its cross-device IBA, while clarifying how to opt-out of data sharing for mobile IBA. Kiip also updated its private policy and contract to better explain how it acquires precise location data.