By Holden Williams
In January, Congress sent an encouraging signal about its involvement in the digital ecosystem by introducing a new bill: the Banning Surveillance Advertising Act. Introduced by Representatives Anna Eshoo (D-CA) and Jan Schakowsky (D-IL), as well as Senator Cory Booker (D-N), the Banning Surveillance Advertising Act (BSSA) would take the essential steps to better protect consumers from harmful advertising collection practices.
Specifically, the BSSA would ban third parties from accessing users’ personal information to target them with advertisements. It would prohibit disciminatory targeting of ads for those deemed to be in a protected class, which includes race, ethnicity, gender, religion, sex, familial status, and disability.
The BSSA reflects similar steps taken in the European Union with the Digital Services Act (DSA). There, officials are moving to bolster consumer privacy protections including a ban on targeted advertising that utilizes sensitive user information and a ban on “dark patterns.”
The BSSA also includes elements that IDAC has long supported, such as strengthened regulatory enforcement mechanisms. Previously, we urged Congress to increase funding for the Federal Trade Commission (FTC) as well as increase its statutory authority to better protect against privacy and security violations. We also called on the Federal Communications Commission (FCC) and FTC to regulate the sale, use, and transfer of location data.
The BSSA builds on these proposals by empowering state Attorneys General and giving citizens the power to protect themselves, in court if necessary. For instance, the FTC and state Attorneys General would be able to issue fines of up to $5,000 per knowing violation of the act. This broadening of authority is especially important because of the FTC’s already-constrained resources.
Our recent investigation into more than 150 mobile health apps further showcased the need for regulators to prioritize consumer privacy. IDAC conducted a deep analysis on 46 health and wellness apps and found 44 of the 46 were using advertising and analytics services. Most of the transmission we observed to these third parties included unique identifiers for the users. The BSSA would prohibit apps from sharing this information for targeted advertising purposes as it categorizes unique identifiers, such as the Android Advertising Identifier (AAID), as personal information.
Data privacy advocates like IDAC have had concerns around sharing these unique identifiers. This is because, when apps share unique identifiers, advertisers can use that information to target users with advertisements based on sensitive information collected or inferred from the app. A user’s name or unique identifier can become sensitive information when it is associated with information about a health app. For example, when a user’s name is associated with the use of a pregnancy app, an advertiser can infer the user is pregnant or trying to become pregnant.
While the bill will prohibit companies from targeting users with advertisements, it does allow the use of “contextual advertising.” So, for example, a pregnancy related advertisement is acceptable in the context of a pregnancy app, but once the user leaves the pregnancy app, the personal information about their pregnancy should not be used to serve advertisements on other applications and web services. This is a step in the right direction.
Congress should pass the Banning Surveillance Advertising Act to better protect consumers from harmful advertising practices and ensure consumers have more confidence that data gathered from them while using apps around sensitive topics, such as mental wellness, fitness, and feminine health, won’t be used for monetization purposes. The addition of giving the consumer a right to private action will also help to empower digital watchdogs such as IDAC with a new tool in their legal toolkit to help consumers navigate privacy and security concerns in the digital ecosystem.