Data use and sharing disclosures on mobile devices need work,
the FTC said in a staff report released last week. The report
recommends ways that actors in the mobile marketplace—such as
mobile operating system providers, application developers,
advertising networks, and analytics companies—can inform
consumers of data collection and sharing practices. While the FTC
tailors recommendations for each group, the recommendations are
essentially focused on providing consumers with timely and
understandable data use disclosures. If such disclosures do not
materialize, FTC Chairman Jon Leibowitz said to reporters in a
teleconference discussing the report, the mobile industry may face
regulatory or legislative mandates.
The report is in part the result of the FTC's May 30, 2012
workshop, which brought together members of
the mobile industry, trade associations, academia, and consumer
privacy groups to discuss privacy issues presented by mobile
devices. The report is also in response to increasing consumer
concern about privacy on mobile devices.
While providing a wealth of benefits to consumers and players in
the mobile marketplace, mobile devices have presented novel privacy
issues because they are personal to the consumer and are used for
numerous activities such as surfing the Internet and social
networks, sending e-mails and messages, taking and sharing
photographs, and simply making phone calls. Additionally, mobile
devices are almost always turned on and are almost always with the
user. All this facilitates new avenues and levels of data
collection, but the space available for disclosures is limited to
the size of the mobile device's screen – often just a few
While the report does not carry the force of law, it offers
several suggestions for mobile privacy disclosures and provides a
window into the FTC's approach to mobile privacy. For instance,
the report indicates that the FTC views adherence to a "strong
privacy code" favorably and considers geolocation information
to be "sensitive"—akin to financial, health, and
The FTC report recommends the following with respect to specific
actors in the mobile marketplace:
Operating System Providers:
Provide disclosures and obtain consumers' affirmative
express consent before allowing apps to access data;
Consider a one-stop "dashboard" approach and the use
of icons to allow consumers to review the types of content accessed
by apps and to depict the transmission of user data;
Implement developer best practices that require developers to
make privacy disclosures, enforce those requirements, and educate
Provide clear disclosures about the extent to which the
platform reviews apps before making them available for download;
Offer a Do Not Track function for mobile devices that allows
consumers to prevent tracking by ad networks or other third
Provide layered disclosures and obtain affirmative express
consent before collecting and sharing sensitive information (to the
extent the platforms have not already done so);
Coordinate with ad networks and other third parties such as
analytics companies to better understand the third-party software
and provide accurate disclosures to consumers;
Participate in self-regulatory programs, trade associations,
and industry organizations to develop uniform, short-form privacy
Advertising Networks and Other Third Parties:
Communicate with app developers towards providing truthful
Work with platforms to ensure effective implementation of
mobile Do Not Track.
Trade associations, Academics, Experts and Researchers:
Develop short-form disclosures for app developers;
Promote standardized privacy policies that will enable
consumers to compare data practices across apps;
Educate app developers on privacy issues.
While the FTC has indicated that it will continue to monitor
developments in the mobile marketplace and is open to further
suggestions and proposals, it encourages actors in the mobile
marketplace to implement the recommendations in the report. In the
end, the FTC hopes the report will help build trust between
businesses and consumers.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
We previously reported here that CNA filed a lawsuit against its insured Cottage Health System seeking reimbursement of amounts that it previously paid under Cottage's cyber liability insurance policy.
The Ashley Madison site declares on its home page that "Life is short. Have an affair." The home page goes on to state that "Ashley Madison is the world's leading married dating service for discreet encounters."
Evidence collected by the U.S. Department of Homeland Defense (DHS) shows that cyberattacks on key energy infrastructure – particularly the electric system – are increasing in both sophistication and frequency.
On Friday, July 24, the United States Judicial Panel on Multidistrict Litigation issued an Order consolidating in the D.C. Circuit Court of Appeals three timely petitions for review of a July 10, 2015 Declaratory Ruling and Order of the Federal Communications Commission (FCC).