Author Archive
California Tech Giants Agree to Deal on Privacy Policies for Apps
Last week California Attorney General, Kamala D. Harris, reached a significant agreement with six of the largest “mobile as a platform” companies, including Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion.
The agreement “is designed to ensure that mobile apps comply with the California Online Privacy Protection Act. The Act requires operators of commercial web sites and online services, including mobile apps, who collect personally identifiable information about Californians to conspicuously post a privacy policy.”[1]
Below is a summary of the core principles put forth in the agreement:
- An application that collects data from the user must have a clear privacy policy, describing the data collection and usage practices
- During the app submission process, the “mobile as a platform” companies must provide a clear space for app developers to submit their privacy policies
- These companies will provide a mechanism for consumers to report those apps which do not have privacy policies
- The companies will work on creating a mechanism for reporting and responding to non-compliance of the above terms
- The companies will work closely with the CA Attorney General to develop and promote best practices as well as policies in the mobile privacy arena.
This step by a state agency is indicative of the current need to have some kind of regulation in the wholly unregulated and burgeoning territory of privacy and mobile apps. Those app developers who are in sync with the changing privacy environment will do well by adopting clear and coherent privacy policies clearly establishing their data collection practices and following those practices.
To learn more, read the full press release here. Additionally, The California Online Privacy Protection Act can be found here. Other useful articles about this agreement have been written by The Wall Street Journal, Bloomberg News, GigaOm and PR News Wire.
The FTC Raises Privacy Questions About Mobile Apps for Children
The Federal Trade Commission (FTC) released a report today regarding the survey of mobile apps for children. The FTC report comes at a time when there is an increasing call for mobile app developers to provide clear and transparent policies regarding data collection and usage.
According to the FTC report:
- “All members of the “kids app ecosystem” – the stores, developers and third parties providing services – should play an active role in providing key information to parents.
- App developers should provide data practices information in simple and short disclosures. They also should disclose whether the app connects with social media, and whether it contains ads. Third parties that collect data also should disclose their privacy practices.
- App stores also should take responsibility for ensuring that parents have basic information. “As gatekeepers of the app marketplace, the app stores should do more.” The report notes that the stores provide architecture for sharing pricing and category data, and should be able to provide a way for developers to provide information about their data collection and sharing practices.”
Privacy, especially that of children, is an important issue. We must all work together to create awareness about what current regulations entail as well as mobile app best practices. This will benefit app users and the industry itself .
MMA Privacy Guideline for App Developers
At media post’s ‘Mobile Insider Summit’ local media guru Gordon Borrell pointed out that there was a paradigm shift-taking place in advertising; with most ad budgets being shifted from web to mobile. He pointed out that that the local mobile ad revenue was expected, to shoot up from the current $2 billion per year to $24 billion by 2016.[1]
Whether its retailers like best buy , game developers , or credit card companies like master card; the mobile market place is going to continue its steady and fast paced growth. Developers will continue to churn out apps (the vehicle of growth) for the mobile market.
With this growth there arises a question about consumer privacy, data collection + security and over all transparency. A combined study by TRUSTe and Harris interactive , indicated that, “The vast majority of survey respondents (98%) believe that privacy is an important issue when using a mobile device and they want more transparency and choice over the personal information mobile apps and websites collect and share, especially as it relates to targeted advertising and geo-location data”.
Since Keeping this back ground in mind, the Mobile Marketing Association recently released MMA Mobile Application Privacy Policy guideline
This document offers a much needed guideline to app developers, on how to construct their own privacy policies. As Alan Chapell, Co-chair of the MMA Privacy & Advocacy Committee, states, “Our guidelines offer developers the foundation from which to craft a document that reflects the privacy practices of each of their apps and helps them stay in compliance with applicable law and industry standards. We urge app developers to consult with their legal counsel when adapting these guidelines for their purposes.”
This self regulatory push is indicative of the industry stepping upto provide support and set standards for the rapidly growing though still young and constantly evolving mobile app industry.
At Pontiflex we believe that transparent privacy and data collection practices & the power of choice in the hands of the consumer, form the fundamental basis of good business. Given that, the MMA guidelines are a step in the right direction.
Privacy Trends in 2012
The last year has been illustrative of how important privacy practices are. Privacy and data security are going to be even more crucial in the coming year. For this reason , Avantika Banerjee, our Legal & Policy Analyst, put together a list of what we can expect to see this year when it comes to privacy. See below for her 2012 predictions:
I. All eyes are on mobile
- With the aggressive and continued growth of mobile usage, there will be a greater need for creating consolidated privacy standards in the mobile arena
- Privacy guidelines will have to clarify the manner in which data is being collected and used
- In keeping with this trend, the MMA released a privacy policy framework for mobile applications, which serves as a starting point; Covington and Burlington has provided a succinct summary and analysis of the MMA framework here
II. Push for data breach notification regulation at the federal level
- The number of data breaches has been consistently growing; to combat this 47 states now have data breach notification laws
- There is no single federal regulation dealing with data breach, and there is going to be a stronger push for such a legislation
III. EU standards will set the bar for privacy norms
- The new proposed EU data protection regulation is set to replace the original EU Data Protection Directive 95/46
- This proposal consists of standards that are more stringent than the current ones
- The new regulation will apply to non-EU companies that interact with data subjects within the EU, or whose activities involve monitoring the behavior of data subjects within the EU; it will impact multiple categories of online service providers
- IAPP (International Association of Privacy Professionals) has provided a brief summary and analysis of the regulation here
IV. COPPA steps up its standards
- Childrens Online Privacy Protection will be a major issue and more stringent standards are going to be applied
- The FTC has proposed amendments to the existing act, in keeping with the changing environment.
V. The FTC plans to release its Privacy Report
- The report titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers” will be released in early 2012
- This report will play a significant role in influencing privacy practices and will follow up from the original report published in 2010
VI. There will be a greater need for data encryption at all levels
VII. Third party privacy certification providers will be in high demand
- Certification and auditing services will become more prominent as a result
VIII. Privacy Impact assessments will play a stronger role in a company’s security structure
- These assessments will gauge the health and relevancy of a company’s data security and privacy practice
IX. Deceptive privacy practices will be heavily scrutinized
- Company Privacy Policies will be scrutinized at greater length and will have to accurately present the company data practices
- The FTC is going to play a stronger role in aggressively penalizing those companies that are not adhering to their written privacy policies
- Recent examples illustrating this include the settlement with Facebook and ScanScout
X. Privacy by design will become more widely accepted
Privacy! Privacy? Privacy?!
Privacy! Privacy? Privacy?!
There we go, that pretty much sums up the industry attitude regarding privacy policies. Some are surprised by how important a role it is playing in every sphere today. Some are not quite clear what it really entails and how these policies impact their firm/organization, while others are somewhere in between and just going with the flow.
Fact of the matter is that online privacy policies today, are here to stay and are an integral part of the fabric of any online service, internet start up or organization.
We are increasingly living, working and playing in a world which is virtual/online and our unique personal data, including personal information, usage habits, socio-economic back ground, buying trends etc are all up for grabs and have significant economic value.
This data can be used, abused and traded as a commodity; Which is where protection of personal data and consequently application of a concrete and transparent privacy policy comes in.
From a consumer perspective, issues regarding privacy with major tech giants such as google and facebook, incidents like the wiki leak episode have brought to the forefront the crucial role that well thought out privacy laws/policies play in today’s information based market economy.
At a regulatory level, the Federal Trade Commission has unveiled a privacy report which puts forth proposals for consumer privacy keeping in mind advancements in technology; the Department of commerce recently revealed a report envisions a privacy bill of rights, calling for overhauls of data breach, and electronic communications laws. These proposals are a clear indication to the market, especially in the realm of social media to sit up and take note.
I have a background in law. But a knowledge of the company’s privacy principles can no longer be confined to the legal department of an organization. Every employee should understand their organization’s stance on the privacy issue. It is that important.
Arun Krishnan
Jason Penta
zlasker
Roshan Bangera
Jordan Cohen
eadlman
Geoff Grauer
Jerrie Gullick
Jon Beardsley
Nick Herman
Stacy Huggins
Tiffany Sumner
Avantika Banerjee
Daniel Egan
Lisa Khan
tgeisenheimer
pontiflexrob
Ganesh Prabhu
