T‑Mobile does not sell information that directly identifies you, like your name, address, social security number, banking information, or phone records. In fact, we do not even share that type of information except with service providers who can use the information solely to provide a service on our behalf, when a consumer directs us to share the information, or in the limited additional circumstances outlined in our Privacy Notice (such as for fraud prevention purposes or where we are legally required to share the information).
However, the CCPA’s broad definitions of “sale” and “personal information” may deem the common flow of information in the digital analytics and advertising ecosystem to be a sale. Like most companies that operate commercial websites and apps, T‑Mobile utilizes online analytics to measure the ways users engage with our websites and apps. These analytics, in turn, inform how we perform online advertising. In order to provide these analytics and facilitate online advertising, T‑Mobile uses third-parties that collect device identifiers and place tags, cookies, beacons, and similar tracking mechanisms on our digital properties and on third-party digital properties. For instance, we may request that a third-party facilitate the placement of T‑Mobile ads on a particular website after a consumer has previously visited T‑Mobile.com. The third-parties we use for these purposes generally do this by placing a cookie on a user’s browser so it can identify that the same browser visited other websites. Similarly, where our digital properties provide space for advertisements, these third-parties may use identifiers such as cookies for websites, or the device’s mobile AdID for apps, to facilitate real-time bidding by advertisers.
Under T‑Mobile's personalized ads program, we use and analyze data from things like device and network diagnostic information (Android users only), apps on your device, and broadband information. This data helps us understand more about user interests (e.g., sports enthusiast, loves cooking, etc.). Using this information, we create groups known as “audience segments,” which may be used by T‑Mobile or sold to third parties to make ads more relevant to you. When we sell audience segments, we do not sell information that directly identifies customers, like name, address, or email. Rather, audience segments are associated with mobile advertising IDs, which are long set of numbers and letters. For example, this might say something like "2drdn43np2cMapen084" is a sports enthusiast." Take a look at our Advertising and Analytics article and T‑Mobile Privacy Notice for details. Where we can reasonably ensure via contract that the third-parties described above can and will use a device identifier solely to provide the specific service we have requested, and will not use or share the data for other purposes, we will not deem that sharing a “sale” under the service provider exception. In most cases, we’ve determined that our data analytics providers that measure the ways users engage with our websites and apps meet this standard and, accordingly, we will not block the sharing of an identifier with those entities even when you choose to opt-out through the “Do Not Sell” link.
In some cases, though, T‑Mobile does not ultimately control how such identifiers are used by some third-parties (particularly in some cases in the online advertising ecosystem), and so we can’t determine that all sharing with third-parties in these cases fall within the service provider exception under the law. As a result, we are currently treating our sharing with some of these third-parties as a “sale” under the CCPA.