Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Consumer Privacy

App Privacy is in the News Again

UPDATE:  In the FTC’s first case involving apps, the Commission today announced a COPPA settlement with W3 Innovations, a developer of mobile applications for Apple’s iPhone and iPod Touch, which will be required to pay a $50,000 penalty and delete illegally collected data.  The FTC said the app developers illegally collected and disclosed personal information from tens of thousands of children under age 13 without their parents’ prior consent:

In addition to collecting and maintaining children’s email addresses, the FTC alleges that the defendants also allowed children to publicly post information, including personal information, on message boards. These interactive apps send and receive information via the Internet, and are online services covered by the COPPA Rule, according to the FTC complaint.

The FTC’s COPPA Rule requires that website operators notify parents and obtain their consent before they collect, use, or disclose children’s personal information. The Rule also requires that website operators post a privacy policy that is clear, understandable, and complete.

According to the complaint, the defendants did not provide notice of their information- collection practices and did not obtain verifiable parental consent before collecting and/or disclosing personal information from children. The FTC charged that those practices violated the COPPA Rule.

Some say “PC’s may be going the way of the typewriter”  given the proliferation and growing reliance on tablets and mobile devices, which are handling more of the computing once done exclusively on personal computers. An article in today’s Wall Street Journal  explains:

[m]obile devices have [] helped disrupt the distribution and pricing of software. The “app store” model, pioneered by Apple and emulated by Google and others, has given tablet and smartphone users speedy access to programs that are frequently free or cost less than $5—undermining a model that grew up around stores selling disk-based PC programs that routinely cost $40 to more than $100

With apps come an array of privacy issues.  With software hosted locally, the privacy issues are circumscribed. The user knows who is getting his or her data and how it will be used.  In the app world, which often implicates cloud computing, there is a serious question of how app developers will handle privacy. A recent study by the Future of Privacy Forum, founded and co-chaired by Hogan Lovells’ privacy lead Chris Wolf, found that nearly three-quarters of the most -downloaded mobile apps lacked even a basic privacy policy.  In May, Sen. Al Franken (D-Minn.) sent a letter to the chief executives of Apple and Google asking that their companies require app makers to have clear, understandable privacy policies. 

In a New York Times article today entitled “Industry Tries to Streamline Privacy Policies for Mobile Users,” a new tool for app developers to create a mobile privacy policy is described as is an industry-led effort to provide an opt-out of targeted advertising based on the collection of user information.  On the issue of whether an app developer should spend money to develop a privacy policy to advise and empower consumers with respect to the collection and use of information from them, Hogan Lovells’ Chris Wolf is quoted:

The cost for a legal consultation, which can range from a couple of hundred dollars to thousands, can also be a deterrent for small app developers looking to create privacy policies. But Christopher Wolf, a partner at the Hogan Lovells law firm and a co-chairman of the Future of Privacy Forum, said app developers should not claim cost as an excuse.

“I think it’s a cop-out for app developers to say they don’t have the budget for it,” Mr. Wolf said. “It’s an investment for any business that deals in consumer data. They ought to build it into the development cost.”

“Privacy by Design,” which has been described as a growing global trend, at a minimum requires app developers to articulate what they are doing with personal data, e.g.  in privacy policies. A resource to assist app developers in building privacy into their apps is hosted in a new web site, www.applicationprivacy.org developed by the Future of Privacy Forum.  Also, the Privacy & Advocacy committee of the Mobile Marketing Association (MMA) is focused on outlining global best practices as they relate to protecting the consumer’s private information.  The MMA is hosting a free webinar on September 22 in which Hogan Lovells’ Chris Wolf will participate, and described this way:

As mobile marketing continues to grow, the use of data for analysis and personalization has become increasingly important in successfully providing relevant services to users. Some of the uses of mobile data, such as location and device IDs have started drawing scrutiny by media, policymakers and advocates.

What are the issues that are creating concerns? How can you avoid the risks? What are the emerging best practices? What is the MMA doing? Join leaders of the MMA and the Future of Privacy Forum to learn how you can navigate the legal and policy challenges facing the mobile advertising ecosysytem.

Registration for the free MMA webinar is accessible here.