Do Not Sell My Personal Information
As the Un-carrier, we are 100% committed to our customers, which is why we want to take the time to explain exactly what the “Do Not Sell My Personal Information” link on T-Mobile webpages and apps means. The purpose of this article is to explain (1) why T-Mobile’s webpages and apps contain the “Do Not Sell” link, (2) what it means to “sell” “personal information,” as those terms are defined under California law (3) that T-Mobile does not sell personal information that directly identifies you, even under the California definition of “sale,” (4) what happens if you tell T-Mobile not to “sell” your personal information, (5) how T-Mobile implements your choice to block it from “selling” your personal information, and (6) how T-Mobile maintains your “Do Not Sell” Choice.
1. Why Does T-Mobile Provide the “Do Not Sell” Link?
2. What Does it Mean to “Sell” “Personal Information” Under the CCPA?
The CCPA broadens the definition of “sale” and “personal information” beyond how you might commonly interpret those terms.
Under the CCPA, “personal information” includes information that is not necessarily directly tied to an individual’s identity but may be associated with a device. This includes identifiers such as IP addresses, web cookies, web beacons, and mobile AdIDs. In many cases, this type of information is not associated with you, but they are unique identifiers that could be. Similarly, the term “sell” is defined to include not just selling in exchange for money, but also sharing or transferring personal information (including information that does not directly identify an individual as described above) in exchange for anything of value, which is not limited to the exchange of money. Certain things are not considered “sales,” including when (1) personal information is shared with a service provider that is contractually prohibited from using the personal information for any purpose beyond the service specifically requested (“service provider exception”), or (2) when the consumer has directed a company to disclose the personal information (“consumer directed exception”).
3. Does T-Mobile “Sell” my Personal Information?
However, the CCPA’s broad definitions of “sale” and “personal information” may deem the common flow of information in the digital analytics and advertising ecosystem to be a sale. Like most companies that operate commercial websites and apps, T-Mobile utilizes online analytics to measure the ways users engage with our websites and apps. These analytics, in turn, inform how we perform online advertising. In order to provide these analytics and facilitate online advertising, T-Mobile uses third-parties that collect device identifiers and place tags, cookies, beacons, and similar tracking mechanisms on our websites/apps and on third-party websites/apps. For instance, we may request that a third-party facilitate the placement of T-Mobile ads on a particular website after a consumer has previously visited T-Mobile.com. The third-parties we use for these purposes generally do this by placing a cookie on a user’s browser so it can identify that the same browser visited other websites. Similarly, where our webpages or apps provide space for advertisements, these third-parties may use identifiers such as cookies for websites, or the device’s mobile AdID for apps, to facilitate real-time bidding by advertisers.
Where we can reasonably ensure via contract that the third-parties described above can and will use a device identifier solely to provide the specific service we have requested, and will not use or share the data for other purposes, we will not deem that sharing a “sale.” In most cases, we’ve determined that our data analytics providers that measure the ways users engage with our websites and apps meet this standard and, accordingly, we will not block the sharing of an identifier with those entities even when you choose to opt-out through the “Do Not Sell” link.
In some cases, though, T-Mobile does not ultimately control how such identifiers are used by some third-parties (particularly in some cases in the online advertising ecosystem), and so we can’t determine that all sharing with third-parties in these cases fall within the service provider exception under the law. As a result, we are currently treating our sharing with some of these third-parties as a “sale” under the CCPA.
4. What Happens when I Tell T-Mobile not to “Sell” my Personal Information?
When a user of our websites/apps makes the “Do Not Sell” choice, we will attempt to block further sharing of the covered identifiers with the third-parties we engage on those digital properties or any other entity that does not fall within the service provider exception or the consumer directed exception.
5. How Does T-Mobile Implement my Choice to Block it from “Selling” my Personal Information?
The implementation of your choice to block the sale of your personal information is complex and will vary between T-Mobile brands, websites, and apps. As general rule, however, when you click the “Do Not Sell” link, you will be provided two choices: (1) set a “Do Not Sell” preference using a cookie for the particular web domain (such as T-Mobile.com or metropcs.com) or an app setting for a particular mobile app (such as T-Mobile Tuesdays) that is not tied to your account, or (2) if you have an account with us, you can sign in to your account and set a persistent “Do Not Sell” preference that we can store as part of our customer records.
6. How Does T-Mobile Maintain my “Do Not Sell” Choice?
For T-Mobile websites, if you do not log in to your account (or do not have an account with us) and instead set a “Do Not Sell” preference that is specific to the site that you are visiting, please be aware that the setting will only work if your browser is set to accept cookies. Likewise, if you clear your browser cookies, the cookie-based “Do Not Sell” setting will be erased, and you will need to reset the setting for that web domain. For T-Mobile apps, the local setting should remain until you specifically change it or clear app data on your device— but you should check the setting regularly to ensure it reflects your current choice.
If you choose to sign in and set a “Do Not Sell” setting tied to your account, we will attempt to identify and honor that setting whenever you are logged into a T-Mobile app or website. This persistent setting will have no effect, however, when you have not signed in to a T-Mobile website or app. In that case, only the setting set for a particular website or app, if one exists, will apply. Please note that when you set a “Do Not Sell” setting in your account, we will attempt to also set your setting for the website or app you are using at that time— but again, that setting may not work if your browser does not accept cookies or if you later delete cookies or delete data on your app.