The Federal Trade Commission (FTC) recently released guidance for mobile app developers. Specifically, on September 5, 2012, the FTC took a step to address the growing mobile application industry by releasing non-binding guidance for mobile app developers intended to help them navigate advertising and privacy concerns as they develop and market mobile applications to consumers. The guidance incorporates an overview of existing laws and FTC policy, and includes a number of general guidelines that mobile app developers should consider when creating and providing the apps to consumers. Namely, these general guidelines include the following:
- Truthful Advertising: The FTC encourages app developers to accurately describe the capabilities of the mobile applications. To do this, app developers should look at all advertising as the average consumer will see it and ensure that such advertisements are not false, misleading, or omitting relevant information. Additionally, objective claims should be substantiated with proof. Further, all such information should be provided in a clear and conspicuous manner.
- Privacy Considerations: The FTC reminds marketers of its preference for privacy by design, a principle that means that privacy considerations should be built into business models from the inception of the business. Such considerations include simplified choice, whereby mobile app developers provide notice and choice at appropriate times, transparency with their data practices, and honoring the promises made to consumers regarding their privacy practices in their privacy settings and privacy policies. Developers should also obtain consent before collecting sensitive information (e.g., medical, financial, geolocation), and keep data secure. According to the FTC, the “wisest policy” for protecting and securing consumer information includes the following:
- Collect only necessary information;
- Secure data by taking reasonable precautions against well-known security risks;
- Limit access to a need-to-know basis; and
- Safely dispose of data when no longer needed.
Further, the FTC reminds marketers that these policies and guidelines apply to all app developers as well as their service providers and contractors. In applying to all app developers, it must be noted that such policies also apply to applications targeted to children, but that such applications must also comply with the Children’s Online Privacy Protection Act where they are directed to and collect information from children under 13.
These guidelines represent the FTC’s interpretation of the ways in which the FTC Act applies to mobile app developers. Essentially, the FTC provides a reminder that privacy and advertising laws still apply in the mobile context. All businesses developing mobile applications should be aware of this guidance. While the guidance does not constitute law, failure to abide by the FTC’s interpretation may result in a company facing enforcement actions filed by the FTC.