Last month the Bureau of Consumer Protection of the U.S. Federal Trade Commission (FTC) issued guidance regarding the marketing of mobile Apps. The guidance should be of interest to companies engaged in cross-border e-commerce activities. It should be noted, however, that minimum compliance with the FTC guidance may not result in a App marketer being fully compliant in Canada.
Among the key points in the FTC’s guidance document, entitled “Marketing Your Mobile App: Get It Right from the Start” are:
- Advertising has a broad compass. The FTC reminds developers that advertising isn’t just a traditional advertisement but includes a range of representations made expressly or by implication about what the product does. The FTC cautions that App marketers require competent and reliable evidence to support objective claims and may require competent and reliable scientific evidence to support health claims.
- Key information must be clear and conspicuous. This isn’t just a matter of the size and readability (although those are obviously important). It also includes the way in which information is layered. Layering information isn’t a licence to hide information behind vague hyperlinks.
- Engage in “privacy by design”. The Ontario Information and Privacy Commissioner’s “privacy by design” approach should be followed. This includes the principles of limiting collection, secure storage and safe destruction. Although the FTC did not emphasize the “privacy by design” principle of privacy as the default, the FTC did note that sharing of data that would not be expected by an average consumer should only be done with express consent. The FTC also states that sensitive information should only be collected and used with express consent. In addition, mobile Apps should offer consumers choices and control over their personal information.
- Honour the promises, including privacy promises, made to consumers. The FTC cautioned that “[c]hances are you make assurance to users about the security standards you apply or what you do with their personal information.” Systemic failure to honour these promises or take reasonable steps to protect personal information may lead to FTC enforcement action.
- Apps designed for children under the age of 13 must comply with the U.S. Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA Rule. This will involve additional disclosures and consent requirements. For more information, visit our Data Governance Law blog at DataGovernanceLaw.com