The DAA published a compliance warning that Cross Device enforcement is now in effect. The warning reminds companies:
- The rules apply to both deterministic and probabilistic identification techniques
- First and Third parties are expected to collaborate in meeting the rules
- Enhanced Notice should explain “data collected from a particular browser or device may be used with another computer or device that is linked to the browser or device on which such data was collected“
- After opt-out, a device should be thought of as a ‘black hole’ from which no data for IBA can escape
- includes sharing with third parties for IBA
- Opt-out mechanism must be easy to use, and the scope of opt-out clearly defined
The warning also recommends companies to make sure all links work properly after updating a privacy policy.
Click to access compliance-warning-cw-04-2017-cross-device-enforcement.pdf
jbho: it appears the OIBAAP will be in the driver’s seat on cross device enforcement for the time being. In its recent report, the FTC lauded the DAA approach, but was unclear as to what its next steps will be in this space. More on the FTC’s cross device report is available here.