The International Chamber of Commerce’s work (ICC) has been setting the gold standard for global business rules and codes for marketing and advertising since 1937. This year It has been revised to make sure its rules and application thereof are fit for the digital age.
In response to the growth of mobile use, particularly in mature economies, the ICC has just issued theICC Guide for Responsible Mobile Marketing Communications, which applies self-regulatory principles to ensure a common approach to mobile marketing.
It addresses 5 areas in mobile marketing principally around consent, opt-in/opt-out, disclosure requirements, frequency and timing of SMS/MMS messaging, and dealing with spam abuse. These are listed below with some of the additional key indicators.
- Messaging / SMS /MMS; Opt-in approval to receive SMS/MMS, simple means to get further action such as using the word Help or Stop to discontinue messaging, respecting customer preference register, message transparency re-marketer identity, and messages only during reasonable hours. Opt-out: recipient can opt-out, using simple words such as “stop” or “discontinue”, and a means to report spam/abuse should be provided.
- Push Notification (such as in Mobile & Tablet Application); Push notifications should be opt-in, with user consent asked on first launch of app. Notifications should likewise be easy to turn off or on.
- Geo-Marketing Push Notifications (such as Mobile & Tablet Application); Geo-localised push notifications should be controllable by the user.
- Geolocation Services (such as in Mobile & Tablet Site and Application); the sender should clearly explain the goal of the service and how an individual’s data is being used
- Login & Share through Partner Account or Social Media Application Programming Interfaces (API); To facilitate, a user can be invited to use his existing ID/ password of an external player Google, Facebook, Twitter etc. Clear indication about data sharing to other platforms should be provided
The guidance also importantly underlines that mobile marketing communications are not to be aimed at children 12 years and under.
ICC also issued its Mobile supplement to the ICC Resource Guide for Self-Regulation of Interest Based Advertising which expands on existing guidelines for interest-based advertising (IBA) to address mobile issues such as location data and cross-device targeting.
Clear recommendations are made in the following areas:
- Notice and Transparency; Apps should endeavour to provide key privacy information in simple and short disclosures. If possible, the info should render easily on the screen of a mobile device. Key privacy information could include, for example, what information an app collects, how the information will be used, and with whom the information will be shared both from within the app and prior to download/install.
- Apps should provide “just in time” notice for use of sensitive data and/or unexpected uses of data (the mobile platforms’ permissions process may be leveraged for such notices), including, but not limited to: financial information, precise geolocation, health or medical information, accessing contacts, calendar, photos, video, or other media files, accessing other sensors or features on the phone (like a camera, microphone, Bluetooth connection, or SMS messages), offering in-app purchases, push notifications.
- Control and Choice; Where appropriate, an app should provide users control and choice around the collection, storage, and transfer of personal information.
- Precise Location; Privacy disclosures should make clear the ways in which sites, apps, and services (including, for example, Application Programming Interfaces (APIs) and Software Development Kits (SDKs) available for use by third parties), access, use, and share precise geolocation data.
- Limit Ad Tracking; When Limit Ad Tracking is enabled by the user, the advertising identifier or other mobile device identifiers such as Unique Device ID (UDID), android id, or mac address should not be used for advertising purposes, unless there is a more specific choice by the user that would allow the use of identifiers for advertising purposes.
- Third Parties; Disclosures and choices offered to consumers and to the first-party companies on whose websites and apps cross-device tracking companies appear should address the many forms of tracking used.
- Cross Device Tracking; Users should not be led to believe tracking is more limited than it is, or that they have blocked all tracking across all apps, browsers and user devices when that is not the case. Companies should ensure that a consumer’s opt-out on one device to prevent that device from receiving interest based ads should also prevent data from that device from informing interest based ads on other devices linked through cross-device linking. If the choices offered do not cover all the ways companies track consumers, then this should be clearly and prominently indicated.
- Security; Systems that store or process user data should be protected via industry-standard security controls and best practices (e.g., restricted access, auditing, encryption where necessary).
- Children; If your app is targeted or appeals to children or has any age screening mechanism in place, ensure compliance with applicable laws that restrict data collection from users under a particular age.
Overall, the ICC guidance brings global mobile IBA business rules in line with US and European guidance issued. Obviously, the ICC is aware that there are varying legal contexts to take account of across the globe; some of which are far more restrictive with regard to privacy requirements.
That’s not all, the ICC has just completed its 10th revision of the ICC Advertising and Marketing Communications code to make it fit for the digital world. This code is the reference point for self-regulatory codes nationally, and it will be released at the end of September.
My next blog in early September will tell you about what’s useful to know and about EDAA’s specially organised webinar on the ICC codes and guidance. Stay tuned!
About the author
Dr. Oliver Gray has over 25 years of experience in corporate social responsibility, national, European and international public affairs, self-regulation and standard setting. He currently operates his own consultancy, Graywise, out of Brussels which specializes in providing services on governance, compliance and responsibility issues.