ARTICLE
19 February 2013

FTC Releases Staff Report On Mobile Privacy

HK
Holland & Knight

Contributor

Holland & Knight is a global law firm with nearly 2,000 lawyers in offices throughout the world. Our attorneys provide representation in litigation, business, real estate, healthcare and governmental law. Interdisciplinary practice groups and industry-based teams provide clients with access to attorneys throughout the firm, regardless of location.
Beyond the obvious benefits of the latest generation of smartphones, mobile technology presents multiple privacy challenges.
United States Privacy

Richard Raysman is a Partner in our New York office

Beyond the obvious benefits of the latest generation of smartphones, mobile technology presents multiple privacy challenges. Mobile devices are almost always on, and nearby, and produce large amounts of data that might be shared among the many entities of the mobile ecosystem, including wireless carriers, mobile operating system providers, handset manufacturers, app developers, web analytics companies, and online ad networks.  Moreover, it is more difficult to educate consumers about mobile data collection because the small size of mobile phone screens presents practical challenges in how to notify consumers about the extent of data collection and information sharing. 

This past month, the FTC released a new staff report, Mobile Privacy Disclosures: Building Trust Through Transparency, that offers recommendations to a host of industry participants– platforms, app developers, ad networks and analytics companies, and app trade associations.  The Report points out that if strong privacy codes are developed, the FTC will view adherence to such codes favorably in connection with its law enforcement work.

Mobile Platforms

The FTC noted that mobile platforms such as Apple are gatekeepers to the app
marketplace and can improve mobile privacy disclosures, such as setting requirements for app developers and fine-tuning the interface in the app stores.  Among other things, the agency recommends: 

  • provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation or other content  that consumers would find sensitive in certain contexts (e.g., contacts, photos, calendar entries, or recorded audio or video content)
  • develop a one-stop "dashboard" approach to allow consumers to review the types of content accessed by their downloaded apps 
  • develop icons that would be displayed on the top edge of smartphone screens to depict the transmission of user data for a particular app

The Report noted that some privacy practices may not be within the platforms' control. For example, although a platform would know what information the app is collecting through APIs, a platform would not necessarily know what information the app is collecting directly from consumers or what information the app is sharing with third parties. To remedy this situation, the Report suggests: 

  • promoting app developer best practices regarding data collection and sharing 
  • providing consumers with clear disclosures about the extent to which platforms review apps prior to selling them in the app stores and whether the platform conducts compliance checks after the apps have been placed in the app stores
  • considering a Do Not Track mechanism for smartphone users to allow consumers to choose to prevent tracking by ad networks or other third parties

App Developers

The Report states that apps should have a privacy policy and make that policy available through the platform's app store. The FTC suggested that app developers would hasten to comply with this practice given the California Attorney General's recent efforts, which included releasing privacy and transparency recommendations for the mobile industry and sending out  warning letters to one hundred app developers notifying them that they are not in compliance with California law, which requires the posting of a privacy policy.  The Report also offered additional recommendations: 

  • provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information (to the extent the platforms have not already done so) 
  • improve coordination and communication with ad networks and other third parties and provide just-in-time disclosures and obtain affirmative express consent when collecting sensitive information outside the platform's API, such as financial, health, or children's data, or when sharing sensitive data with third parties

Ad Networks and Other Third Parties

The Report states that advertising networks and other third parties should:

  • communicate with app developers so that the developers can provide truthful disclosures to consumers
  • work with platforms to ensure effective implementation of a mobile Do Not Track for mobile

App Developer Trade Associations

With regards to improving privacy, the FTC suggests that app developer trade associations and privacy researchers should:

  • develop short form disclosures for app developers, including standard privacy icons easily recognizable by users

  • promote standardized app developer privacy policies that will enable consumers to compare data practices across apps
  • educate app developers on privacy issues.

www.hklaw.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More