Industry, advocates finalise mobile app guidelines
A group of industry lobbyists and privacy rights advocates have voiced support for new voluntary guidelines for mobile apps that should make it easier for American consumers to know what personal information is getting sucked from their smartphone or tablet and passed along to marketers.
The plan will likely provide a brief, easy-to-read snapshot of an app’s privacy policies, similar to nutrition labels on food packages. The snapshot would give consumers the bottom line on what information the software collects, such as physical location, surfing habits and personal contacts, and how that data might be used or shared with other companies.
The new labels won’t replace lengthy privacy policies that consumers rarely read anyway. And how widespread these labels become is up to industry. While some key industry groups said they liked the idea — albeit with caveats about testing the proposal first — it’s up to individual companies and developers to decide whether they want to comply. It could take several months for companies to test and implement the labels.
Still, the emerging consensus was considered a major step forward for privacy rights advocates who say consumers have been in the dark when it comes to the widespread collection of their personal data.
“For the first time many consumers will be able to do apples-to-apples comparisons” of different mobile apps’ privacy policies, said Jules Polonetsky, director of the Future of Privacy Forum, a Washington-based group of Internet privacy experts.
Mobile applications like Google Maps, Angry Birds and GasBuddy have become popular, inexpensive ways to personalize smartphones or tablets and improve their functionality. Often free or a couple bucks to download, apps can turn a phone into a sophisticated roaming office or gaming console.
But like all those websites that offer medical advice or parenting tips, there’s a hitch: They want information like your birthdate or ZIP code, and often your location. Developers say data collection is necessary in many cases for the software to work as promised. The personal data also can be sold to marketers, making the app a lucrative reward to its creators.
This aggressive data collection has put industry at odds with consumer advocates, including groups like the American Civil Liberties Union and regulators at the Federal Trade Commission. Last February, the FTC released a report advising companies to offer a “do not track” mechanism for smartphone users and develop icons that show how a person’s data is used.
Tim Sparapani with the Application Developers Alliance, a major industry association of app developers and tech companies that supports the proposed privacy labels, said he expects some consumers will change their behaviour when they see the new privacy labels, but that many won’t.
“We know that consumers love their apps — the downloads per day demonstrates that,” Sparapani said. What the new guidelines will do is “allow for greater transparency and comprehension among consumers of what’s happening.”
This month, new privacy rules by the FTC took effect for mobile apps marketed to children under age 13. Under the updated Children’s Online Privacy Protection Act, companies can’t collect information on kids in most cases unless a parent first gives permission, such as through an electronically scanned consent form. Parental consent is not required when a website operator collects data solely to support its internal operations, which can include advertising, site analysis and network communications.
If companies violate these rules, they could face costly penalties.
In a bid to head off similar regulation for mobile apps used by teens and adults, several dozen tech industry lobbyists and privacy rights advocates teamed up to develop the voluntary disclosure guidelines with help from the Commerce Department’s National Telecommunications and Information Administration. The FTC has said it would look favourably on businesses in any enforcement action that can show it complies with a strong code of conduct, such as the one being negotiated.
John Verdi, director of privacy initiatives at NTIA, said the new labels should make for smarter consumers.
“Compliance with the code will help app developers build and maintain trust with consumers — trust that is crucial to the health of the mobile app marketplace,” Verdi said.
Some groups objected to the proposal, which has been in the works for more than a year. Consumer Watchdog said the final plan would provide only “marginal improvements” in privacy protection and called on the Obama administration to propose legislation. Likewise, Jeff Chester with the Center for Digital Democracy said industry “cannot be expected to challenge their fundamental — and ever expanding — ‘data maximization’ business model.”
But industry groups like the Software & Information Industry Association said they support the effort.
“In a time of rapidly evolving technology, industry self-regulation is the most effective way to maintain the right balance between consumer confidence and continued innovation,” said Ken Wasch, the group’s president.