Yesterday Kamala Harris, California's Attorney General, issued Privacy on the Go: Recommendations for the Mobile Ecosystem. The report and recommendations are intended to encourage app developers and others in the mobile ecosystem to consider privacy at the beginning of the design process, and to provide detailed suggestions for providing notice of privacy practices.
Most of the recommendations are directed to mobile app developers, but there are also recommendations for others in the industry, including hardware manufacturers, operating system developers, mobile telecommunications carriers, and advertising networks.
The following are some of the more significant recommendations.
Recommendations for App Developers:
- Start with a data checklist to review the personally identifiable data your app could collect, and use it to make decisions on your privacy practices.
- Avoid or limit collecting personally identifiable data not needed for your app's basic functionality.
- Use enhanced measures - "special notices" or the combination of a short privacy statement and privacy controls - to draw users' attention to data practices that may be unexpected and to enable them to make meaningful choices.
Recommendations for App Platform Providers:
- Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app.
- Use the platform to educate users on mobile privacy.
- Provide app users with tools to report apps that do not comply with applicable laws, or their privacy policies or terms of service about which they have questions.
Recommendations for Mobile Ad Networks:
- Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
- Move away from the use of interchangeable device-specific identifiers and transition to app-specific or temporary device identifiers.
Recommendations for Operating System Developers:
- Develop global privacy settings that allow users to control the data and device features accessible to apps.
- Work with mobile carriers and other appropriate parties to facilitate timely patching of security vulnerabilities.
- Work with device manufacturers and mobile carriers on setting cross-platform standards for privacy controls, means of enabling the delivery of special privacy notices, and privacy icons.
- Provide tools for app developers that enable comprehensive evaluation of data collection, use, and transmission.
Recommendations for Mobile Carriers:
- Leverage your ongoing relationship with your mobile customers to educate them on privacy protection.
- Encourage consumers to look for privacy choices and controls in apps after downloading.
- Help educate parents on mobile privacy and safety for their children. Consider, for example, providing information on available resources, such as the FTC's information for parents on the Children's Online Privacy Protection Act.
Attorney General Harris is also participating in the multi-stakeholder process facilitated by the National Telecommunications and Information Administration (NTIA) to develop an enforceable code of conduct on mobile app transparency. The next NTIA meeting will be on January 17.