The Privacy Rights Clearinghouse (“Clearinghouse”) recently released a study funded by the California Consumer Protection Foundation examining the potential privacy risks of mobile health and fitness apps. The study analyzed 43 popular health and fitness apps (free and paid) to identify potential privacy issues based on the data collected, stored, and transmitted by those apps.
In addition to the study, the Clearinghouse issued a “how to” guide for mobile app developers that lays out a list of best practices for building privacy into mobile apps. Among other suggestions, the guide recommends that developers avoid transmitting data from the app over unencrypted (http) connections and instead use an encrypted (https) connection. The Clearinghouse also recommends the use of privacy policies that clearly inform users of what data is being collected and what it will be used for, suggesting that the best way to do this is through contextual pop-up notices.
The release of the study is a reminder that app developers and other members of the mobile wireless ecosystem should review their existing data privacy and security practices for compliance with applicable Federal and state laws, especially as they deploy new consumer-oriented services. For example, making sure that privacy notices are in place and updated to reflect current activities and data practices can help decrease the risk of consumer confusion, regulatory enforcement, and potential litigation.