Pixalate analyzed 3.9MM app privacy policies and published a list of mobile apps with Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) referenced in their privacy policy, including those registered to companies that do not appear in the CBPR compliance directory.
Pixalate, the global market-leading fraud protection, privacy, and compliance analytics platform for connected TV (CTV) and mobile advertising, examined the privacy policies of ~4 million apps from the Google and Apple mobile app stores. Pixalate found that the privacy policies of 815 apps included a reference to the APEC CBPR System as of Q1 2022. See the full Q1 2022 CBPR Compliance Report here.
In the United States the Federal Trade Commission (FTC) is the privacy enforcement authority (PEA). Most recently, the FTC brought enforcement actions against three companies and issued warning letters to 28 companies for falsely representing that they participated in the APEC CBPR system.
KEY FINDINGS
According to Pixalate, of the 815 apps with “APEC CBPR” in their privacy policy:
Pixalate cross-matched apps that reference APEC CBPR in their privacy policies with companies listed in the CBPR compliance directory. The list of all apps with APEC CBPR terms is broken down by those that do appear in the compliance directory and those that do not.
What is APEC CBPR, and why is this important?
The APEC forum is the leading organization in the Asia-Pacific region that facilitates trade and investment, economic growth and regional cooperation. The APEC Cross-Border Privacy Rules (CBPR) System is a voluntary, enforceable, accountability-based certification that allows for the transfer of personal data among the nine participating economies. The participant economies are: Australia, Chinese Taipei, Canada, Japan, the Republic of Korea, Mexico, Singapore, and the United States.
According to the CBPR Compliance Directory, there are 49 companies certified. Once a company joins the system and is certified by a third-party Accountability Agent, the certification becomes legally enforceable by the PEA in the economy in which the company has been certified. If a company falsely represents that they participate in the APEC CBPR System, the PEA can bring an enforcement action against the company.
About Pixalate
Pixalate is the market-leading fraud protection, privacy, and compliance analytics platform for Connected TV (CTV) and mobile advertising. Pixalate works 24/7 to guard your reputation and grow your media value by offering the only system of coordinated solutions across display, app, video, and OTT/CTV for better detection and elimination of ad fraud. Pixalate is an MRC-accredited service for the detection and filtration of sophisticated invalid traffic (SIVT) across desktop and mobile web, mobile in-app, and OTT/CTV advertising. www.pixalate.com
Disclaimer
The content of this press release reflects Pixalate's opinions with respect to factors that Pixalate believes can be useful to the digital media industry, as well as to those researching adoption of internationally-recognized data privacy protections. Any data shared is grounded in Pixalate's proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate's opinions are just that, opinions, which means that they are neither facts nor guarantees. Pixalate does not independently verify third-party information. Pixalate is sharing this data not to impugn the standing or reputation of any entity, person or app, but, instead, to report findings and trends pertaining to apps available for download in the official Apple App Store and Google Play Store.
The fact that an app developer’s company of registration is located in one of the nine APEC CBPR economies does not necessarily mean that the company is certified. An app developer with a company of registration located in a non-APEC CBPR economy may be certified if it is an affiliate or subsidiary of a company located in an APEC CBPR economy that has extended the scope of its certification to the affiliate or subsidiary. Pixalate is not asserting that any companies are falsely claiming APEC CBPR certification.
*By entering your email address and clicking Subscribe, you are agreeing to our Terms of Use and Privacy Policy.
These Stories on Mobile
*By entering your email address and clicking Subscribe, you are agreeing to our Terms of Use and Privacy Policy.
Disclaimer: The content of this page reflects Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that - opinion, not facts or guarantees.
Per the MRC, “'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC, “‘Invalid Traffic’ is defined generally as traffic that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts. Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”
