its launch this past Spring, Apple’s new iAd interface has promised to change
the landscape of mobile advertising and how consumers and advertisers interact.
policies that govern various aspects of the iAd system also raise some
interesting issues surrounding the collection and sharing of information
regarding users viewing ads served through the iAd platform. And these issues
are not limited to Apple’s iAd environment and should be of interest and
concern to all stakeholders in the mobile space.iAd is a mobile advertising
mechanism by which Apple sells and serves ads through participating Apps made
available to consumers through Apple’s App Store for use on iPhones and iPod
Touches (and iPads, later this year). The ads themselves are fully integrated
with the App, so that when a user selects the ad, she does not navigate away
from the App, but opens an interactive experience within the App—an app withinan app.
are obviously certain elements of the iAd environment that are unique to Apple.
Apple sold the hardware the ads are displayed on (iPhones, iPod Touches and
iPads), distributed and/or sold the App the ad appears in (through the App
Store) and is creating many of the ads itself. Thus, in many ways, Apple will
set the “default” for flow of information among the various stakeholders– user
Apple to App developer and Apple to advertisers. Through these last two, Apple
could presumably establish requirements for the use and disclosure of user
information by App developers and advertisers.
the question remains: are the interests of all of these stakeholders aligned?
Or does the mobile ad environment lend itself to certain inherent tensions when
it comes to the use and exploitation of personal information?
information is collected and used by Apple only in aggregated form (that is,
individualized information is not collected). Location data is separately
called out, with the policies providing that location data may be collected if
a user “uses any service that relies on location information.” Such location
information appears to have primary value only if used on an individualized
basis, for example, to serve an ad to a user based on his or her location at
any given time.
as noted above, Apple isn’t the only entity involved. Data can be collected in
an App itself, as well as through an iAd placed in an App. And while Apple can
claim that it is solely responsible for, and has sole entitlement to, data it
collects through the sale of its hardware and Apps through the App Store, that
is not necessarily the case for data that may be harvested through an App
and/or an iAd contained in an App.
most valuable asset in the mobile ad environment is the granularity of data
that can be collected, mined and then exploited in the future, through highly
targeted ads that fetch higher and higher rates because they generate more and
more revenue for the advertisers. One example that is receiving a lot of
publicity is the Shopkick app, which will be available both on the iPhone and
Android phones. Shopkick can track a user through participating malls and
retail stores and enable the user to accumulate points, redeemable for gift
cards, as they move through the store. App developers, publishers, advertisers,
marketers and ad networks (such as Apple) all have a strong interest in user
data, which effectively puts such data into play when framing the various
agreements that are the foundation to the mobile ad environment. Thus, in
entering a contract for the development of an in-App ad, the
developer/publisher of the App and the advertiser/marketers placing the ad can
reach agreement on what user data will be collected, by whom and how it will be
maintained, used and exploited. While some of these provisions regarding use
may need to comply with requirements dictated by the operator of the App store
(such as Apple or Google or RIM/Blackberry) or of the ad network, it is clear
that there will likely be different standards, conditions and restrictions
amongst the various stakeholders.
addition, and of importance to consumers, privacy advocates and, perhaps,
regulators, is the question of responsibility and disclosure. More likely than
not, in this new mobile ad environment, consumers are not going to draw
distinctions between all of the different stakeholders (e.g. the operator of the
App store, developer/publisher of the App, advertiser/marketer placing the ad,
and operator of the ad network). They just want to know how to find out how
their information is being collected and used.
a functionality and user-experience perspective, there may be resistance to
placing notices, privacy policies or terms and conditions at every user
entryway in a mobile ad environment–which would include both App and ad. However any entity collecting user
information is going to have an obligation to disclose its collection and use
policies to consumers. And it will be up to the consumers to sort out what
rights they may have with respect to the various stakeholders and how they may
vary depending on where in the mobile ad landscape that information is
Obviously this is a brave new world, with the
rules, protocols, rights, responsibilities and risks being established and
allocated in a very fluid fashion. And these issues are particularly timely for
the DigitalHHR team. On September 21, we presented a CLE-accredited
webinar entitled, “Whose Data Is it Anyway? Privacy and Data Security in a
De-Centralized Digital World”. We explored the legal and business
issues raised by the need to protect personally identifiable information of end
users in a digital environment, including the special issues that are present
in the mobile ad space.