The FTC issued a report today recommending ways for players in the mobile space to improve privacy practices to ensure that consumers are provided easy-to-understand policies on data collection and usage.
The report makes recommendations for the following entities engaged in the mobile marketplace: “mobile platforms (operating system providers, such as Amazon, Apple, BlackBerry, Google, and Microsoft), application (app) developers, advertising networks and analytics companies, and app developer trade associations.”
According to the FTC’s website:
The report recommends that mobile platforms should:
- Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation;
- Consider providing just-in-time disclosures and obtaining affirmative express consent for other content that consumers would find sensitive in many contexts, such as contacts, photos, calendar entries, or the recording of audio or video content;
- Consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded;
- Consider developing icons to depict the transmission of user data;
- Promote app developer best practices. For example, platforms can require developers to make privacy disclosures, reasonably enforce these requirements, and educate app developers;
- Consider providing consumers with clear disclosures about the extent to which platforms review apps prior to making them available for download in the app stores and conduct compliance checks after the apps have been placed in the app stores; and
- Consider offering a Do Not Track (DNT) mechanism for smartphone users. A mobile DNT mechanism, which a majority of the Commission has endorsed, would allow consumers to choose to prevent tracking by ad networks or other third parties as they navigate among apps on their phones.
App developers should:
- Provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information (to the extent the platforms have not already provided such disclosures and obtained such consent);
- Improve coordination and communication with ad networks and other third parties that provide services for apps, such as analytics companies, so the app developers can better understand the software they are using and, in turn, provide accurate disclosures to consumers. For example, app developers often integrate third-party code to facilitate advertising or analytics within an app with little understanding of what information the third party is collecting and how it is being used.
- Consider participating in self-regulatory programs, trade associations, and industry organizations, which can provide guidance on how to make uniform, short-form privacy disclosures.
Advertising networks and other third parties should:
- Communicate with app developers so that the developers can provide truthful disclosures to consumers;
- Work with platforms to ensure effective implementation of DNT for mobile.
In light of this report, and the general regulatory trend, mobile platform providers, advertising networks and mobile app developers that collect consumer information should immediately review their data collection, usage, sharing, sale and broader privacy practices and seek to ensure compliance with the FTC’s report and additional guidance. Entities that fail to comply with the requirements of this report could find themselves facing regulatory action from the FTC, which could result in significant fines being levied.
If you are interested in learning more about this topic or need to review your privacy practices and/or update your mobile platform, advertising network and/or mobile app privacy policies or related agreements based on this FTC report, please contact us at your convenience.