Does Your Company Engage in Cross-Device Tracking and Comply with DAA Guidance?
The Digital Advertising Alliance (DAA) is a self-regulatory body that oversees online interest-based advertising. Over the years, it has issued principles and guidance to which companies in the online interest-based advertising eco-system must adhere. The DAA also set up an accountability program to oversee and ensure compliance with those principles and guidance.
The upcoming enforcement will not only impact DAA participants, but will also affect companies that contract with participants. Vendors that perform data analytics or provide advertising services frequently participate in the DAA and often contractually require their customers to comply with DAA Principles. For more information see: Enforcement of DAA Cross Device Tracking Guidance Set to Begin in Early 2017.
Does Your Website Use Google Analytics?
Also in 2016, Google updated its policies with respect to its Analytics products. The updated policy requires website operators that use Google Analytics to disclose three things in their privacy policies. First, the policy must specifically list the Google Analytics advertising features that the website operator has implemented, instead of generically citing the use generally of Google Analytics as a whole. Second, the policy must describe how the website operator and its third party vendors use first-party cookies or identifiers together with third-party cookies. Third, the policy must include an opt-out section for the specific Google Analytics features the website operator has implemented, whether that is through a setting or through a broad opt-out such as the consumer opt-out provided by the NAI. Google also encourages, but does not require, websites to direct their users to Google Analytics’ opt-out for the web.
Will Your Company be Self-Certifying to the EU/U.S. Privacy Shield?
- Be clear, concise and easy to understand;
- Describe the Company’s information handling practices and the choices the Company offers individuals with respect to the use and disclosure of their personal data;
- Specifically refer to the Company’s Privacy Shield compliance, and provide a hyperlink to the Department of Commerce’s Privacy Shield website;
- Identify the Company’s independent recourse mechanism, and provide a hyperlink to the website of the recourse mechanism or to the independent recourse mechanism’s complaint submission form;
- Include a statement of the individual’s right to access his or her personal data;
- Identify the statutory body that has jurisdiction to hear claims against the Company; and
- Explain that the Company may have a requirement to disclose personal data in response to lawful requests by public authorities, including to meet national security requirements.
If you have any questions or concerns about these requirements or about privacy compliance in general, please feel free to reach out to us. Kilpatrick Townsend’s Cybersecurity and Privacy team is deeply committed to helping its clients integrate their privacy programs into their business strategies, addressing their bigger marketing, customer relations, and risk management issues along with regulatory compliance.
Related People View All
While we are pleased to have you contact us by telephone, surface mail, electronic mail, or by facsimile transmission, contacting Kilpatrick Townsend & Stockton LLP or any of its attorneys does not create an attorney-client relationship. The formation of an attorney-client relationship requires consideration of multiple factors, including possible conflicts of interest. An attorney-client relationship is formed only when both you and the Firm have agreed to proceed with a defined engagement.
DO NOT CONVEY TO US ANY INFORMATION YOU REGARD AS CONFIDENTIAL UNTIL A FORMAL CLIENT-ATTORNEY RELATIONSHIP HAS BEEN ESTABLISHED.
If you do convey information, you recognize that we may review and disclose the information, and you agree that even if you regard the information as highly confidential and even if it is transmitted in a good faith effort to retain us, such a review does not preclude us from representing another client directly adverse to you, even in a matter where that information could be used against you.