Richard Raysman is a Partner in our New York office
Beyond the obvious benefits of the latest generation of smartphones, mobile technology presents multiple privacy challenges. Mobile devices are almost always on, and nearby, and produce large amounts of data that might be shared among the many entities of the mobile ecosystem, including wireless carriers, mobile operating system providers, handset manufacturers, app developers, web analytics companies, and online ad networks. Moreover, it is more difficult to educate consumers about mobile data collection because the small size of mobile phone screens presents practical challenges in how to notify consumers about the extent of data collection and information sharing.
This past month, the FTC released a new staff report, Mobile Privacy Disclosures: Building Trust Through Transparency, that offers recommendations to a host of industry participants– platforms, app developers, ad networks and analytics companies, and app trade associations. The Report points out that if strong privacy codes are developed, the FTC will view adherence to such codes favorably in connection with its law enforcement work.
Mobile Platforms
The FTC noted that mobile platforms such as Apple are
gatekeepers to the app
marketplace and can improve mobile privacy disclosures, such as
setting requirements for app developers and fine-tuning the
interface in the app stores. Among other things, the agency
recommends:
- provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation or other content that consumers would find sensitive in certain contexts (e.g., contacts, photos, calendar entries, or recorded audio or video content)
- develop a one-stop "dashboard" approach to allow consumers to review the types of content accessed by their downloaded apps
- develop icons that would be displayed on the top edge of smartphone screens to depict the transmission of user data for a particular app
The Report noted that some privacy practices may not be within the platforms' control. For example, although a platform would know what information the app is collecting through APIs, a platform would not necessarily know what information the app is collecting directly from consumers or what information the app is sharing with third parties. To remedy this situation, the Report suggests:
- promoting app developer best practices regarding data collection and sharing
- providing consumers with clear disclosures about the extent to which platforms review apps prior to selling them in the app stores and whether the platform conducts compliance checks after the apps have been placed in the app stores
- considering a Do Not Track mechanism for smartphone users to allow consumers to choose to prevent tracking by ad networks or other third parties
App Developers
The Report states that apps should have a privacy policy and make that policy available through the platform's app store. The FTC suggested that app developers would hasten to comply with this practice given the California Attorney General's recent efforts, which included releasing privacy and transparency recommendations for the mobile industry and sending out warning letters to one hundred app developers notifying them that they are not in compliance with California law, which requires the posting of a privacy policy. The Report also offered additional recommendations:
- provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information (to the extent the platforms have not already done so)
- improve coordination and communication with ad networks and other third parties and provide just-in-time disclosures and obtain affirmative express consent when collecting sensitive information outside the platform's API, such as financial, health, or children's data, or when sharing sensitive data with third parties
Ad Networks and Other Third Parties
The Report states that advertising networks and other third parties should:
- communicate with app developers so that the developers can provide truthful disclosures to consumers
- work with platforms to ensure effective implementation of a mobile Do Not Track for mobile
App Developer Trade Associations
With regards to improving privacy, the FTC suggests that app developer trade associations and privacy researchers should:
- develop short form disclosures for app developers, including
standard privacy icons easily recognizable by users
- promote standardized app developer privacy policies that will enable consumers to compare data practices across apps
- educate app developers on privacy issues.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.