The Mobile Marketing Association has released a set of proposed guidelines that establish best practices for creating and maintaining privacy policies.
With hundreds of thousands of apps available to consumers, the need for privacy guidelines is greater than ever, the organization said.
The proposed guidelines address three main issues:
- Guidance on privacy principles and consumer-friendly language. The guides recommend that app developers clearly inform consumers about whether their information will be shared with third parties and for what purpose. One example: If the developer sells an app and the information collected about users is transferred as part of the sale, developers should identify the consumer’s mobile advertising network to determine if the network offers an opt-out for users. The app should inform users about their opt-out options, if any, including how an app can be uninstalled.
- Ways to inform users on how data is obtained and used. Consumers typically provide data (credit card information and e-mail address, as examples), and other data is automatically collected, like the mobile device’s IP address, in the course of the downloading process. The guidelines caution app developers that if they collect information from social networking platforms – e.g., friend lists or photos – the app should ensure that prior consent of the user is obtained. Whether the app uses geolocation information should also be disclosed, and if so, how the information is used and whether it is shared. Developers should also inform users about how long data is retained.
- Guidance on security and confidentiality of information. Developers should ensure that the app’s privacy practices are in compliance with the Children’s Online Privacy Protection Act, especially apps that contain images or features that may appeal to children or cause the app to be perceived as being directed toward children – cartoon characters, for example. For all apps, the guidelines suggest that developers use reasonable security procedures and provide an overview to users.
The guidelines emphasize that privacy policies are not a “one-size-fits-all document” and should be customized by app developers to fit the needs of each company and jurisdiction.
“We strongly encourage those using this model policy to consult an attorney and/or privacy professional when crafting your own policy,” the guidelines stress. The proposed guidelines are open for comment until Nov. 18.
To read the guidelines, click here.