February 28, 2012
Mobile application developers have been put on notice by the state of California and a handful of mobile platforms that they need to be more forthcoming about the data they are collecting from users.
Last week, six companies, including Apple and Google, reached an agreement with the California’s attorney general to help insure there is greater privacy controls in place for mobile apps. The other big privacy news last week was that the Obama administration announced a consumer bill of rights calling for general privacy legislation, which could see more mobile Web browsers including a Do Not Track button.
“It was a gigantic, landmark week for privacy,” said Jules Polonetsky, director and co-chair of the Future of Privacy Forum, Washington.
“The agreement with California’s attorney general is going to mean a coming of age for many app developers,” he said.
“Do Not Track does not have immediate consequences for mobile but it is expected to.”
Appls and privacy
Mobile app privacy is getting a lot of attention right now following revelations that iPhone apps for Path, Facebook, Twitter, Foursquare and others are uploading users’ contact names and phone numbers – often without permission.
The Federal Trade Commission also recently week came out with a report showing that neither app stores nor the app developers provide the information parents need to determine what data is being collected from their children, how it is being shared or who will have access to it.
In a survey conducted by the Future of Privacy organization, about 30 percent of app developers provide users with privacy policies.
However, this is really just the first step that app developers need to take.
“People do not read privacy policies,” Mr. Polonetsky said. “You still need to tell users about anything that is significant beyond the policy.
“We are going to continue to have a lot of attention to what apps are doing with data and are they acting responsibly,” he said.
“From the beginning, Android has had an industry-leading permissions system which informs consumers what data an app can access and requires user approval before installation," said a Google spokeswoman. "Coupled with the announced principles, which we expect to complete in the coming weeks, consumers will have even more ways to make informed decisions when it comes to their privacy.”
App market grows
This is an important step as the app market continues to grow, with 98 billion apps expected to be downloaded by 2015. Currently, there are more than 50,000 individual developers, according to California’s attorney general office.
If developers do not comply with their stated privacy policies, they can be prosecuted under California's Unfair Competition Law and/or False Advertising Law.
Do Not Track
The other big privacy related news last week was a proposal from the Obama administration for a privacy bill of rights. In it, the administration calls for different industry groups to convene and come up with self-regulatory rules regarding privacy that would be enforceable by the Federal Trade Commission.
“It is very possible that the mobile industry will be one of the areas that looks to create enforceable self regulatory codes,” Mr. Polonetsky said. “The goal is to get industry groups to the table.
“The Department of Commerce is going to be inviting multi-stakeholder groups, industry advocates, regulators and others to hash out the issues and come to a consensus around sector specific agreements,” he said.
Already, a large group of Internet companies have agreed to enable “Do Not Track” buttons on browsers so that users can opt-out of being tracked across multiple web sites.
The program supported by the Digital Advertising Association does not currently encompass mobile browsers. However, Firebox already includes a Do Not Track mechanism in its mobile browser and mobile advertising network Jumptap said it would support the effort.
“So far, the DAA program does not specifically cover mobile browsers but there are plans,” Mr. Polonetsky said.
“It is certainly likely to be relevant for mobile Web sites,” he said. “There is no way to do Do Not Track for apps.”