The FTC recently released its “Mobile Privacy Disclosure: Building Trust Through Transparency” staff report.
The theme of the report is that mobile platform operating system
providers (Amazon, Apple, BlackBerry, Google, and Microsoft), app
developers, ad networks, and analytics companies need to provide
consumers with timely, easy-to-understand disclosures about the data
that is collected about them and how the data is utilized.
It appears to build on the September 2012 report
“Marketing Your Mobile App: Get it Right From the Start”. Some of the
recommendations in the September 2012 report include: build privacy
considerations in from the start, honor your privacy promises, collect
sensitive information only with consent, and keep user data secure.
Some members of the app ecosystem appear to have taken the
FTC’s September 2012 report very seriously and anticipated that the FTC
would soon crack down on companies that may not be following the FTC’s
prior digital privacy recommendations. Before the FTC’s new Mobile
Privacy Disclosure staff report was released, Apple, Facebook, and Microsoft teamed up to create a new initiative to educate app developers about digital privacy. The program is called ACT 4 Apps
and it plans to create an environment where app developers may interact
with privacy experts to learn how to abide by state and federal privacy
laws.
The announcement that the FTC has fined social networking app Path $800,000
for alleged privacy violations along with this new staff report
continues to demonstrate that the FTC is spending considerable
resources on digital privacy issues. When the FTC announced last August
that Google
agreed to pay a $22.5 million fine for misrepresenting to users
of Apple’s Safari Internet browser that it would not place tracking
“cookies” or serve targeted ads to those users, that should have been a
wake-up call to the digital industry that their business practices may
be more heavily scrutinized. December’s announcement that the FTC
adopted final amendments to the Children’s Online Privacy Protection Rule
(COPPA) to strengthen kids’ privacy protections should have been
recognized as a signal by the digital industry that it must become more
proactive in protecting the personal data of its users.
This newly released staff report
recommends that mobile platforms should: provide just-in-time
disclosures to consumers and obtain their affirmative express consent
before allowing apps to access sensitive content like geolocation;
consider providing just-in-time disclosures and obtain affirmative
express consent for other content that consumers would find sensitive in
many contexts; consider developing a one-stop “dashboard” approach to
allow consumers to review the types of content accessed by the apps they
have downloaded; consider developing icons to depict the transmission
of user data; promote app developer best practices; consider providing
consumers with clear disclosures about the extent to which platforms
review apps prior to making them available for download in the app
stores, and conduct compliance checks after the apps have been placed in
the app stores; and consider offering a Do Not Track (DNT) mechanism
for mobile phone users.
App developers should: have a privacy policy and make sure it is
easily accessible; provide just-in-time disclosures and obtain
affirmative express consent before collecting and sharing sensitive
information; improve coordination and communication with ad networks and
other third parties that provide services for apps so the app
developers can better understand the software they are using and, in
turn, provide accurate disclosures to consumers; and consider
participating in self-regulatory programs, trade associations, and
industry organizations.
This staff report states that advertising networks and other third
parties should: communicate with app developers so that the developers
can provide truthful disclosures to consumers; and work with platforms
to ensure effective implementation of DNT for mobile platforms.
The overall theme of this staff report is that the mobile apps
industry must do a better job of communicating to its users what data is
being collected and how it is being utilized. If mobile apps
stakeholders do not move in a timely manner to implement the
recommendations in this report, more regulation may be required to
protect the personal privacy of consumers. The bottom line is that the
FTC may closely monitor how stakeholders react to its recommendations to
determine if more regulation may be required to protect the digital
privacy of users.
While mobile apps offer some great benefits and exciting new ways to
interact with others, there are tremendous privacy issues that need to
be addressed. Mobile ecosystem gatekeepers and app developers need to
work with regulators and lawmakers to protect the personal privacy of
mobile app users and to ensure that the industry does not become
over-regulated.
To learn more about these issues you may contact me at http://shearlaw.com.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC. All rights reserved.