Today the Staff of the Federal Trade Commission (FTC) issued a report titled Mobile Privacy Disclosures: Building Trust Through Transparency that makes recommendations for best practices in safeguarding user privacy on mobile devices. The report is aimed at mobile platform providers, app developers, third-party advertisers and analytics companies, and app industry trade associations. The goal of the report is to help these entities improve the manner in which they inform consumers about the safety of their data.
The report begins by summarizing the FTC’s work to date in shaping the mobile privacy practices framework, including its enforcement actions, workshops, multi-stakeholder outreach, and policy initiatives. The recommendations in the report encompass and build on those efforts.
For mobile platform providers such as Apple, Google, Amazon, Microsoft and Blackberry, FTC Staff recommends:
- Providing just-in-time disclosures to consumers, which include the consumer’s affirmative express consent to the collection of data, prior to allowing apps to access sensitive data, such as geolocation, contacts, photos, calendar entries, or recording audio or video content;
- Developing a one-stop “dashboard” as part of the mobile platform operating system that allows consumers to review and choose the types of content accessed by apps;
- Developing icons to depict the transmission and type of user data;
- Encouraging app developer best practices by requiring privacy disclosures and educating app developers accordingly;
- Providing consumers with information regarding whether the platform provider reviews apps prior to making them available in app stores;
- Conducting compliance checks after the apps have been placed in the app stores to ensure they comply with their own policies; and
- Offering a Do Not Track (DNT) mechanism for smartphones allowing consumers to opt out of tracking by ad networks or other third parties.
For app developers, the report recommends:
- Privacy policies that are easily accessible through the app stores and accurately reflect the app developer’s privacy practices;
- Providing real-time disclosures and a mechanism to obtain the consumer’s express consent to the collection of data;
- Reviewing relationships and contracts with ad networks and other third parties, such as data analytics companies, to make sure the app developer understands how the third party collects and uses the data – this will also help the app developer provide accurate privacy disclosures; and
- Participating in self-regulatory programs and working with trade associations and industry organizations.
For advertising networks and third-party analytics companies, the report suggests:
- Coordinating with app developers to make sure they understand how the data is being collected and used, which will help the app developer make complete and truthful disclosures to consumers; and
- Working with mobile platform providers to ensure effective implementation of DNT technology for mobile devices.
For app trade associations and industry groups that represent app developers, the report suggests:
- Placing standardized, “clickable” icons depicting privacy practices in the status bar of a smartphone which would allow the consumer to determine why the app is collecting the data;
- Developing trusted “privacy badge” icons for app developers to use if the app developer has demonstrated that it meets a particular association’s standard privacy practices;
- Promoting standardized app developer privacy policies that will enable consumers to compare data practices across apps and force app developers to consider more closely the data they collect; and
- Educating app developers on the importance of privacy protection.
The full staff report is available here.