On September 5, 2012, The Federal Trade Commission (“FTC”) announced the publication of a guide (the “Mobile App Marketing Guide”) designed to assist mobile application (“app”) developers to observe truth-in-advertising and basic data privacy and security principles when promoting their technologies. For more than a decade, the FTC has examined consumer protection issues arising in conjunction with the widening deployment of mobile technology. This latest publication highlights the FTC’s ongoing interest in encouraging companies that develop mobile apps to build compliant privacy protocols into their operating policies from the beginning, rather than attempting to incorporate them later.

According to the FTC, this “privacy by design” approach involves developing policies that (1) limit the information companies collect from consumers, (2) provide for securely storing the information about consumers companies elect to keep and (3) provide for safely disposing information that is no longer needed. The FTC offers the following guidelines for privacy protocols that all app developers should consider:

  1. Make Users Aware of Privacy Issues. Companies should clearly and conspicuously explain the types of information an app collects from users or their devices and what is done with such information, including potential uses by third-party companies that users’ information is disclosed to. In addition, companies should give users tools that offer choices in how to use their apps, such as privacy settings, opt-outs, or other ways for users to control how their personal information is collected, used and distributed. These measures help to ensure that users do not unknowingly or unwillingly disclose information they do not intend to share.
  2. Honor Privacy Promises. Mobile app developers, like all other businesses, are required to abide by promises made to consumers regarding the use of personal information and the security standards they apply to protect it. Privacy policies should therefore include procedural measures to ensure that stated protocols are observed.
  3. Protect Children’s Privacy. Companies that design specialized apps for children or knowingly collect personal information from children should be aware of special requirements under the Children’s Online Privacy Protection Act.
  4. Collect Sensitive Information Only with Consent. Companies should secure users’ affirmative consent before collecting any sensitive data such as medical, financial, or precise geolocation information.

The Mobile App Marketing Guide advises companies to apply the above principles to an app’s default settings. Finally, the FTC suggests that companies should require the affirmative permission of users before making material changes to their privacy policies. “Just editing the language in your privacy policy isn’t enough in those circumstances,” the FTC said.

The FTC offers numerous other resources to help companies develop data privacy and security policies that are appropriate for the businesses. For more information, visit the FTC’s Bureau of Consumer Protection Business Center at http://business.ftc.gov/.