The push for protection in mobile app privacy most clearly began with a Joint Statement of Principles laid out by the California Attorney General, created in February 2012. The California Joint Principles represent an agreement by several top companies in the mobile industry. The agreement, which includes Apple, Google, Research In Motion, HP, and Microsoft (in addition to Facebook, which signed on in June), states what these companies promise to do in their mobile app store. The agreement reached by the major mobile companies provides that the California Online Privacy Protection Act is applicable to any application that collects personal data from a consumer. Such an app requires a “conspicuously posted” privacy policy. The agreement provides that when an app is submitted to a mobile app store by the developer there should be a hyperlink to the privacy policy or the actual privacy policy for that particular app. The privacy policy, whether a hyperlink or the full text, should be available in the mobile app store prior to download of the app. The major mobile companies must also provide a method for users to report apps that do not have such a policy or whose policy does not comply with applicable law.
In addition to the Joint
Principles, the FTC has released a new
Report on marketing mobile applications, in September of 2012,
that contains suggestions on how to limit privacy concerns in a mobile app. The FTC suggests that mobile app creators:
Build privacy considerations in from the start. The FTC calls this “privacy by design.”… Incorporating privacy protections into your practices, limiting the information you collect, securely storing what you hold on to, and safely disposing of what you no longer need. Apply these principles in selecting the default settings for your app and make the default settings consistent with what people would expect based on the kind of app you’re selling. For any collection or sharing of information that’s not apparent, get users’ express agreement. That way your customers aren’t unwittingly disclosing information they didn’t mean to share.
Be transparent about your data practices….Offer choices that are easy to find and easy to use…Honor your privacy promises…The FTC has taken action against dozens of companies that claimed to safeguard the privacy or security of users’ information, but didn’t live up to their promises in the day-to-day operation of their business. The FTC also has taken action against businesses that made broad statements about their privacy practices, but then failed to disclose the extent to which they collected or shared information with others – like advertisers or other app developers…Protect kids’ privacy…
Collect sensitive information only with consent. Even when you’re not dealing with kids’ information, it’s important to get users’ affirmative OK before you collect any sensitive data from them, like medical, financial, or precise geolocation information. It’s a mistake to assume they won’t mind.
Keep user data secure...The wisest policy is to:
- collect only the data you need;
- secure the data you keep by taking reasonable precautions against well-known security risks;
- limit access to a need-to-know basis; and
- safely dispose of data you no longer need.
(Written by Brett Alazraki, Fall 2012 IBLT Entrepreneurship Assistance Fellow)
No comments:
Post a Comment