In a report released by the Federal Trade Commission (“FTC”) in February 2013, the FTC makes recommendations for best practices concerning privacy disclosures in the hope of making them more effective. While noting the proliferation of smart phone usage and accessibility of apps, as well as the increasing amount of transparent personal data being shared across platforms, the report’s focus with regard to its recommendations is disclosure.
The report focuses on consistency of disclosures, best practices by service providers and developers, and offers advice to advertising networkers. None of this is mandated, however, and one question that remains is, are the disclosures enough to satisfy the FTC and other regulatory bodies?
Merely informing the consumer that their personal data may be exchanged with third parties when consumers want or need the app is tantamount to boiler plate or adhesion contracts. The consumer is obviously in an inferior bargaining position, and has no means to take exception to the behavior other than not installing the app. This of course presumes that consumer is even aware of how far reaching this data collection is. From geo-location data to user preferences, this information is being shared to partners and partners of partners.
Regardless of how the landscape continues to evolve, anyone who develops or offers mobile apps should seek to ensure that their disclosures are at least up to par with respect to the FTC’s best practices. Another recommendation would be to view a mobile app which you develop as another form of sharing data with third parties and ensure that you follow your own company’s policies as well as specific regulatory requirements for your industry. As an example, regulations for one industry in particular actually require affirmative opt-out provisions for the disclosure of information to third parties.