Since its launch this past Spring, Apple’s new iAd interface has promised to change the landscape of mobile advertising and how consumers and advertisers interact. But the multiple, interlocking terms of use, developer agreements and privacy policies that govern various aspects of the iAd system also raise some interesting issues surrounding the collection and sharing of information regarding users viewing ads served through the iAd platform. And these issues are not limited to Apple’s iAd environment and should be of interest and concern to all stakeholders in the mobile space.iAd is a mobile advertising mechanism by which Apple sells and serves ads through participating Apps made available to consumers through Apple’s App Store for use on iPhones and iPod Touches (and iPads, later this year). The ads themselves are fully integrated with the App, so that when a user selects the ad, she does not navigate away from the App, but opens an interactive experience within the App—an app withinan app.

There are obviously certain elements of the iAd environment that are unique to Apple. Apple sold the hardware the ads are displayed on (iPhones, iPod Touches and iPads), distributed and/or sold the App the ad appears in (through the App Store) and is creating many of the ads itself. Thus, in many ways, Apple will set the “default” for flow of information among the various stakeholders– user to Apple (via Apple’s Privacy Policy and the App Store Terms and Conditions), Apple to App developer and Apple to advertisers. Through these last two, Apple could presumably establish requirements for the use and disclosure of user information by App developers and advertisers.

But the question remains: are the interests of all of these stakeholders aligned? Or does the mobile ad environment lend itself to certain inherent tensions when it comes to the use and exploitation of personal information?

For example, Apple’s Privacy Policy and App Store Terms and Conditions state that information is collected and used by Apple only in aggregated form (that is, individualized information is not collected). Location data is separately called out, with the policies providing that location data may be collected if a user “uses any service that relies on location information.” Such location information appears to have primary value only if used on an individualized basis, for example, to serve an ad to a user based on his or her location at any given time.

But as noted above, Apple isn’t the only entity involved. Data can be collected in an App itself, as well as through an iAd placed in an App. And while Apple can claim that it is solely responsible for, and has sole entitlement to, data it collects through the sale of its hardware and Apps through the App Store, that is not necessarily the case for data that may be harvested through an App and/or an iAd contained in an App.

The most valuable asset in the mobile ad environment is the granularity of data that can be collected, mined and then exploited in the future, through highly targeted ads that fetch higher and higher rates because they generate more and more revenue for the advertisers. One example that is receiving a lot of publicity is the Shopkick app, which will be available both on the iPhone and Android phones. Shopkick can track a user through participating malls and retail stores and enable the user to accumulate points, redeemable for gift cards, as they move through the store. App developers, publishers, advertisers, marketers and ad networks (such as Apple) all have a strong interest in user data, which effectively puts such data into play when framing the various agreements that are the foundation to the mobile ad environment. Thus, in entering a contract for the development of an in-App ad, the developer/publisher of the App and the advertiser/marketers placing the ad can reach agreement on what user data will be collected, by whom and how it will be maintained, used and exploited. While some of these provisions regarding use may need to comply with requirements dictated by the operator of the App store (such as Apple or Google or RIM/Blackberry) or of the ad network, it is clear that there will likely be different standards, conditions and restrictions amongst the various stakeholders.

In addition, and of importance to consumers, privacy advocates and, perhaps, regulators, is the question of responsibility and disclosure. More likely than not, in this new mobile ad environment, consumers are not going to draw distinctions between all of the different stakeholders (e.g. the operator of the App store, developer/publisher of the App, advertiser/marketer placing the ad, and operator of the ad network). They just want to know how to find out how their information is being collected and used.

From a functionality and user-experience perspective, there may be resistance to placing notices, privacy policies or terms and conditions at every user entryway in a mobile ad environment–which would include both App and ad.  However any entity collecting user information is going to have an obligation to disclose its collection and use policies to consumers. And it will be up to the consumers to sort out what rights they may have with respect to the various stakeholders and how they may vary depending on where in the mobile ad landscape that information is collected.

Obviously this is a brave new world, with the rules, protocols, rights, responsibilities and risks being established and allocated in a very fluid fashion. And these issues are particularly timely for the DigitalHHR team. On September 21, we presented a CLE-accredited webinar entitled, “Whose Data Is it Anyway? Privacy and Data Security in a De-Centralized Digital World”. We explored the legal and business issues raised by the need to protect personally identifiable information of end users in a digital environment, including the special issues that are present in the mobile ad space.