FTC: mobile "ecosystem" of stakeholders needs more effective privacy disclosures

Tools

In an effort to build consumer trust through transparency, the Federal Trade Commission is urging companies to do a better job of making mobile privacy disclosures by implementing the agency's recommendations set forth in a new FTC staff report (.pdf).

As the report points out, mobile devices raise a number of potential privacy risks and informing consumers of those risks presents significant challenges. To help companies improve their mobile privacy disclosures, the report distills the commission's prior work on these issues, along with panel discussions and written submissions, putting forward a number of recommendations for mobile platforms, application developers, advertising networks and other third parties, as well as trade associations.

When it comes to mobile platforms such as Apple's iOS, Google's Android, RIM's BlackBerry OS, and Microsoft's Windows Phone, the FTC recommends that these companies provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation. The agency also suggests that they provide just-in-time disclosures and obtain affirmative express consent for other content that consumers would find sensitive in many contexts, such as contacts, photos, calendar entries, or the recording of audio or video content.

In addition, the FTC asks that mobile operating system companies consider developing a one-stop dashboard approach to allow consumers to review the types of content accessed by the apps they download. The commission also asks that these companies provide consumers with clear disclosures about the extent to which platforms review apps prior to making them available for download in the app stores, such as the Apple App Store, Google Play, BlackBerry App World, and Microsoft's Windows Store, and conduct compliance checks after the apps have been placed in the app stores. 

Another recommendation from the FTC is that these companies should consider offering a Do Not Track mechanism for smartphone users, which would allow consumers to choose to prevent tracking by ad networks or other third parties as they navigate among apps on their phones. 

The FTC recommends that app developers should have a privacy policy and make sure it is easily accessible through the app stores, and improve coordination and communication with ad networks and other third parties, such as analytics companies, that provide services for apps so the app developers can provide accurate disclosures to consumers. For example, the FTC report states, app developers often integrate third-party code to facilitate advertising or analytics within an app with little understanding of what information the third party is collecting and how it is being used. 

According to the report, advertising networks and other third parties should communicate with app developers so that the developers can provide truthful disclosures to consumers, and work with platforms to ensure effective implementation of Do Not Track mechanisms for for mobile users. For their part, app developer trade associations, academics, usability experts and privacy researchers might develop short form disclosures for app developers, promote standardized app developer privacy policies that will enable consumers to compare data practices across apps, and educate app developers on privacy issues. 

For more:
-download the FTC staff report (.pdf)

Related Articles:
FTC: Mobile app industry failing on privacy disclosures in kids' apps
Mobile Device Privacy Act calls for vendors to disclose monitoring
Transparency not enough for mobile app privacy protection, say stakeholders