December 6, 2022

Volume XII, Number 340


December 05, 2022

Subscribe to Latest Legal News and Analysis

DAA Issues Warning On Device Fingerprinting

The Digital Advertising Accountability Program, which enforces privacy principles for digital advertising, issued a compliance warning to advertisers regarding device fingerprinting. This warning is worth keeping in mind, since the “fingerprinting” practice is rising in more and more industries.

Device fingerprinting is using technological tools to recognize unique devices. It typically occurs by combining device characteristics (like device IP address, operating system, type and version of web browser) to identify unique devices.  This information can be collected across applications, and thus falls within the guidelines.   In particular, as “Cross App Data,” which is that which is collected from a particular device regarding application use over time and across non-affiliate applications. Under the DAA guidelines, companies need to provide notice and consent when using Cross-App Data for certain purposes—including for interest-based advertising (also known as targeted advertising).

Until recently, notice and consent was put in place when advertisers (engaged in interest-based advertising) used advertising identifiers (“Advertising IDs”). Advertising IDs associate the user of a particular app with a particular device at a particular time. The DAA’s recent warning, though, explains that the guidelines are intended to apply more broadly. They impact any technology that is used to identify a device or user for interest-based advertising.

In short, the compliance warning makes it clear that advertisers using device fingerprinting as a method to identify users or devices for purposes of interest-based advertising must provide the “same level of transparency and choice to consumers as they would if using an Advertising ID for the same purpose.” To comply with these requirements, advertisers may need to provide notice, enhanced notice or garner consent from the user, depending on the advertiser’s relationship to the user and the details of collection.

Putting it Into Practice: Companies who use device fingerprinting for interest-based advertising, whether online or on mobile devices, should keep in mind the DAA’s notice and choice requirements.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XII, Number 82

About this Author

Brittany Walter Intellectual property Attorney Sheppard Mullin Law Firm San Francisco

Brittany Walter is an associate in the Intellectual Property Practice Group in the firm's San Francisco office. She is a member of the Privacy and Cybersecurity Team, the Advertising Team and the Technology Transactions Team.

Areas of Practice

Brittany’s practice focuses on protecting her clients’ intellectual property rights through counseling, prosecution, enforcement and litigation.

Prosecution and Enforcement. Brittany assists with matters before the United...

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...