FTC recommends new privacy guidelines for mobile app platforms and developers
The Federal Trade Commission today released a new report, which outlines recommendations for mobile platforms and mobile app developers across the country to better inform its users what personal data is being collected and how the data is being used. The report comes less than a month after the California Attorney General’s office released its own privacy guidelines for mobile app developers in the state.
FTC Chairman Jon Leibowitz, who yesterday announced his resignation, said in a statement, “the mobile world is expanding and innovating at breathtaking speed, allowing consumers to do things that would have been hard to imagine only a few years ago. These best practices will help to safeguard consumer privacy and build trust in the mobile marketplace, ensuring that the market can continue to thrive.”
The FTC, the federal agency that oversees business practices, stated that mobile devices “facilitate unprecedented amounts of data collection” because users, for the most part, have their mobile device on and with them at most times. In an effort to improve mobile privacy disclosures, the FTC recommended platforms and developers provide privacy data disclosures to consumers before allowing an app to access sensitive content like geolocation and for other personal data such as photos, contacts or calendar entries.
The FTC also recommended that platforms consider implementing a version of Do Not Track (DNT), the privacy mechanism that allows users to prevent tracking by ad networks or other third parties. Multiple desktop web browsers already support DNT including Firefox, Internet Explorer, Chrome and Safari. Mozilla’s Firefox mobile browser has the DNT mechanism and Apple’s Safari has a “limited ad tracking” slider for iOS, but despite Mozilla’s and Apple’s DNT support on mobile, the privacy mechanism is not as standard on mobile as it is on desktops.
At the end of 2012, the FTC strengthened its more than a decade-old child online privacy laws, in particular, the Children’s Online Privacy Protection Act (COPPA). The new laws require child-directed websites and online services to obtain parental consent before collecting children’s personal information like geolocation data or photos before sending the data off to third-party companies. Although, the updated rules explicitly exempt app “platforms” such as the Apple App Store and Google Play from complying with COPPA since the app stores only offer “public access” to kids’ apps, as opposed to targeting kids directly and exclusively.