As the mobile media and marketing industry picks up, so too do the privacy concerns that surround it. The highly personal nature of smartphone and tablet devices, coupled with their ability to pinpoint users’ exact locations, has caught the attention of both privacy advocates and regulators over the past year. With many regulators already on top of the industry for behavioral advertising practices, they are likely to scrutinize practices in mobile. Sarah Hudgins, the Interactive Advertising Bureau’s public policy director, spoke to Digiday about the issues facing the mobile media industry and the trade body’s regulatory work with the Digital Advertising Alliance.
What are the biggest privacy issues the mobile media industry faces?
What should the mobile industry be doing to address privacy concerns?
It’s about educating consumers, regulators and the industry. We’re currently working on the consumer education piece with the DAA, for example, which will include rolling out the AdChoices icon to mobile. In mobile there’s also somewhat of a gap between consumers’ understanding of what it is they’re using and how it relates to their data. They need to be given both notice and choice around that. For example, if you talk about location tracking out of context, it makes people uncomfortable, but when you talk about it in the context of a mobile application, it’s a different situation. The second part is working with regulators. If you read a story in a newspaper, that can create a lot of confusion and concern for both consumers and regulators. It’s about sitting down with policy makers and talking about what the technology actually is and what’s being done.
What are the privacy implications of emerging tracking technologies such as device fingerprinting?
I’m only familiar with a handful of companies trying to use it right now. It’s a very small percentage of the market. As of right now, I don’t see that it will take off in any particular direction, but even if it does, those companies would still be subject to the DAA program. If they’re deploying device fingerprinting, they would have to match up the tech with the principles in order to comply. We’ll keep seeing evolution in that space, and Apple’s deprecation of UDIDs has companies looking elsewhere. But again, we want to talk about the policy and good practices, not the technology itself. The marketplace is moving so rapidly that if we focus on the specific technologies we’re going to be constantly reviewing the program.
What about location-based services and advertising?
I think there’s a pretty strong consensus now that that information can be pretty sensitive and has to be treated more like personally identifiable information. The next question is how exactly you treat it, though. There are also differences within geolocation itself. For example there are differences between one-time use and long-term use, so what should the notice and consent procedures be for each? I think we all agree that there has to be notice and consent around location data, but the biggest question is who controls that. Is it the operating system, the app or another party?
Are the self-regulatory efforts by bodies such as the IAB and the DAA doing enough to stave off formal legislation of the mobile media space? Should the industry have moved more quickly?
When you’re talking about self-regulation, you can never say victory and stop what you’re doing; it has to continuously improve. Regulators have really helped us shape our program to meet a lot of their concerns, but there’s always room for improvement, and the area will continue to evolve. I think we’re marching in time with the marketplace. If we’d have come out too quickly with a set of principles, we might not have addressed some of the issues correctly. I actually think we’re in a great position right now to both protect consumer choice and preserve innovation. The market is growing but still very nascent, and the fact is that a lot of the technologies that we read about do exist but aren’t really being put into practice.