DAA Issues Warning On Device Fingerprinting
Wednesday, March 23, 2022
DAA Issues Warning to Companies Utilizing Fingerprinting for Advertising Purposes
Print Mail Download i

The Digital Advertising Accountability Program, which enforces privacy principles for digital advertising, issued a compliance warning to advertisers regarding device fingerprinting. This warning is worth keeping in mind, since the “fingerprinting” practice is rising in more and more industries.

Device fingerprinting is using technological tools to recognize unique devices. It typically occurs by combining device characteristics (like device IP address, operating system, type and version of web browser) to identify unique devices.  This information can be collected across applications, and thus falls within the guidelines.   In particular, as “Cross App Data,” which is that which is collected from a particular device regarding application use over time and across non-affiliate applications. Under the DAA guidelines, companies need to provide notice and consent when using Cross-App Data for certain purposes—including for interest-based advertising (also known as targeted advertising).

Until recently, notice and consent was put in place when advertisers (engaged in interest-based advertising) used advertising identifiers (“Advertising IDs”). Advertising IDs associate the user of a particular app with a particular device at a particular time. The DAA’s recent warning, though, explains that the guidelines are intended to apply more broadly. They impact any technology that is used to identify a device or user for interest-based advertising.

In short, the compliance warning makes it clear that advertisers using device fingerprinting as a method to identify users or devices for purposes of interest-based advertising must provide the “same level of transparency and choice to consumers as they would if using an Advertising ID for the same purpose.” To comply with these requirements, advertisers may need to provide notice, enhanced notice or garner consent from the user, depending on the advertiser’s relationship to the user and the details of collection.

Putting it Into Practice: Companies who use device fingerprinting for interest-based advertising, whether online or on mobile devices, should keep in mind the DAA’s notice and choice requirements.

Copyright © 2024, Sheppard Mullin Richter & Hampton LLP.

Current Legal Analysis

More from Sheppard, Mullin, Richter & Hampton LLP

The CPPA Signals Focus on Data Minimization and Consumer Requests
by: Brittany Walter
Nebraska Fourth State to Enact Privacy Law in 2024
by: Liisa M. Thomas , Kathryn Smith
Solving for Physician Burnout: Creating a Culture of Psychological Safety
by: Kathleen M. O'Neill , Samantha Young
CMS Finalizes Federal Minimum Staffing Standards for Nursing Homes
by: Lourdes Martinez , Gregory R. Smith
New Program Under Biden Executive Order to Prevent Access to American’s Sensitive Personal Data by Foreign Actors
by: Townsend L. Bourne , Jordan Mallory
FTC Votes to Ban Noncompete Agreements
by: John D. Carroll , Leo Caseria
Treasury Department Proposes to Sharpen the Teeth of CFIUS Enforcement
by: Brian D. Weimer , Douglas A. "Drew" Svor
Mother May I? Florida and Utah Recently Regulations for Minor Use of Social Media Platforms
by: Snehal Desai
Supreme Court Holds “Pure Omissions” Are Not Actionable Under Rule 10b-5(b)
by: John P. Stigi III , Kristin P. Housh
Utah Breach Notice Law Amended, Effective May 1
by: Liisa M. Thomas

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins