FTC Provides Industry Best Practices for Mobile Privacy

In a staff report released February 1, 2013, the Federal Trade Commission (FTC) provided recommendations to improve privacy disclosures on mobile devices.  The report, titled “Mobile Privacy Disclosures-Building Trust Through Transparency,” focuses on giving consumers simple and timely disclosures on the data being collected and how it is being used, which FTC Chairman Jon Leibowitz hopes will “safeguard consumer privacy and build trust in the mobile marketplace, ensuring that the market can continue to thrive.”

The report is aimed at mobile platforms, application developers, advertising networks and analytics companies, and application developer trade associations.

Before allowing applications to access to consumers’ sensitive content, mobile platforms such as Google, Apple and BlackBerry should provide timely disclosures to consumers and obtain their affirmative express consent. They should also allow for consumers to easily review the content accessed by downloaded applications and the transmission of such data. Furthermore, mobile platforms can patrol application developers by enforcing requirements on privacy disclosures, and can also make clear to consumers the extent to which they review applications before they are made available for download, as well as conduct compliance checks once they are.

Application developers themselves should make a privacy policy easily accessible in application “stores,” and if the mobile platforms have not already done so, provide timely disclosures and obtain affirmative express consent before collecting and sharing sensitive consumer information. Application developers should also communicate better with advertising networks and analytics companies that provide services for applications, so they can provide consumers with more accurate disclosures by better understanding the software these third parties are using.

The onus for improving this communication also falls on the advertising networks and analytics companies themselves. The FTC recommended these companies work with mobile platforms to implement a mobile Do Not Track (DNT) mechanism. Such a mechanism would give consumers the option to prevent the advertising networks and analytics companies from tracking their activity as they use different applications on their smartphones.

Application developer trade associations, in conjunction with application developers, should develop uniform short-form privacy disclosures. The trade associations should also educate application developers on privacy issues and enable consumers to compare data practices across applications through the development of standardized application developer privacy policies.

In developing these best practices for the mobile industry, the FTC has been coordinating with the National Telecommunications Information Administration (NTIA). The NTIA is currently working to develop a code of conduct on mobile application transparency. It is imperative the application industry implement these recommendations and adhere to future privacy codes developed by the NTIA should they wish to avoid federal privacy legislation in the future.

The FTC ‘s report can be found here.