February 1st was a big day for the Federal Trade Commission (FTC). Not only did the FTC release its report regarding mobile privacy disclosures, it also announced that it had reached a settlement with Path, a social networking app, which agreed to pay $800,000 to settle charges that it deceived users by collecting personal information from their mobile address books without their knowledge and consent, and that it collected personal information from children without their parents’ consent in violation of the Children’s Online Privacy Protection Act (COPPA).
The FTC’s report entitled “Mobile Privacy Disclosures: Building Trust Through Transparency” provides specific recommendations on improving mobile privacy disclosures for mobile platforms, app developers, advertising networks, and other third parties. Most notably, the report recommends that mobile platforms provide “just-in-time” disclosures to consumers and obtain their affirmative consent before allowing apps to access sensitive content, such as geolocation data. The report also recommends that mobile platforms consider providing “just-in-time” disclosures and obtain affirmative consent for other sensitive content, such as contacts, photos, calendar entries and audio/video content. The report further recommends that mobile platforms consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded as well as icons to depict the transmission of user data. The report recommends that mobile platforms consider offering a Do Not Track (DNT) mechanism for smartphone users and makes several other recommendations aimed at providing better disclosures to consumers regarding mobile privacy.
The report also makes a number of recommendations to app developers, including that they have a privacy policy that is easily accessible through the app stores, provide “just-in-time” disclosures and obtain affirmative consent before collecting and sharing sensitive information, improve coordination and communication with ad networks and other third parties, and participate in self-regulatory programs and industry organizations. In addition, the report recommends that advertising networks and other third parties communicate with app developers so that those developers can provide truthful disclosures, and that they work with platforms to ensure effective implementation of DNT. Finally, the report suggests that app developer trade associations, academics and experts develop short-form disclosures for app developers, promote standardized app developer privacy policies and educate app developers on privacy issues.
To further underscore the importance of mobile privacy, the FTC announced the report on the same day it announced its $800,000 settlement with the social networking app Path. The settlement stemmed from charges that Path’s app user interface and privacy practices were misleading and did not provide consumers with meaningful choices regarding the collection of their personal information. The FTC also alleged that Path’s privacy policy deceived consumers by claiming it automatically collected only certain user information when it actually collected and stored additional personal information. Path was also charged with violating COPPA by collecting personal information from approximately 3,000 children under thirteen without obtaining prior parental consent.
The Way I See It
- I see regulators investigating misleading privacy practices in all areas of the mobile app ecosystem—not only those who develop app content.
- I see a renewed focus by businesses on their mobile privacy policies to ensure that those policies reflect their actual mobile data collection and usage practices.
- I see increased communication and cooperation among the various app players who can no longer take a “not in my back yard” approach.