Mobile apps are off the hook! For those of us a bit older, the world clearly is “Going Mobile.” Just this week, the White House launched its new mobile app, the Pew Research center released a study on Americans’ privacy concerns with apps, Angry Birds marked Freddie Mercury's birthday by giving him a cameo appearance and most importantly to all of you the FTC published its new guide for app developers on how to market their products legally. The FTC’s guide gives mobile app developers a primer on observing the agency’s advertising and privacy principles, noting that an app’s compliance program should be designed from the product’s launch. The guide emphasizes that even the smallest app distributer is considered an advertiser, so the FTC will not entertain any excuses for non-compliance – not even from the little guys.
The FTC’s guiding principles for apps are very similar to other truth-in-advertising standards in traditional marketing formats. For example, app developers must be honest about what the app can do. Like the substantiation standards in other contexts, if objective claims are made about the app, "competent and reliable" evidence is required. If health or performance claims are advertised in the app, "competent and reliable scientific evidence" is the standard.
Key information about an app must also be disclosed clearly and conspicuously; app disclosures cannot be buried in long licensing agreements or only found by following vague hyperlinks. The mobile app guide does not help developers figure out to make these clear and conspicuous disclosures on the limited real estate of mobile devices. Perhaps the FTC’s updated “Dot Com Disclosures” guidance promised for this Fall will help on that front.
The FTC’s guide also encourages app developers to build privacy protections into the technology from the get-go and to limit the amount of information collected to what is necessary. The FTC advises that apps offer choices to users, like opt-outs and privacy settings, that are easy to find and easy to use.
App developers should also be transparent about their data practices. If the fact that an app collects information about the user is unclear to the user, the developer should be sure to get a user’s express consent before the data is collected. Sensitive information (for example, a person’s medical, financial, or precise geolocation data) should never be collected without the express agreement of the consumer. The FTC’s guide warns that it’s a mistake for an app developer to simply assume a user won’t mind if an app collects their personal data.
Apps designed for children, of course, raise special concerns. If an app developer knows that it’s collecting personal information from kids, it must be sure the program is in compliance with the additional requirements of the Children’s Online Privacy Protection Act.
Finally, the FTC notes that any app collecting user data must have a system in place to ensure that the data is securely kept. App developers are required to honor any representation they make to users about their data privacy practices. After all, the FTC expects app developers – just like all other marketers—to keep the promises they make.