Continuing her efforts to improve privacy in the mobile sphere, California Attorney General Kamala Harris released a report titled “Privacy on the Go: Recommendations for the Mobile Ecosystem,” a set of “privacy best practices” for app developers, platform providers, ad networks, and others in the mobile ecosystem.
“Our recommendations, which in many places offer greater protection than afforded by existing law, are intended to encourage all players in the mobile marketplace to consider privacy implications at the outset of the design process,” according to the report.
The report recommends that the design process include privacy protections from the first stages of development and that “accurate, conspicuous, and easy-to-understand privacy policies” are available to consumers prior to download. App developers should make default settings “privacy protective” (e.g., not permitting the automatic sharing of contact information by default) and should limit their collection of personally identifiable information, broadly defined to include geolocation data, call logs, address books, browsing history, and pictures.
The report also tracks the report by the Federal Trade Commission issued last year and recommends app developers use enhanced measures to draw user attention to potentially unexpected data practices, such as the collection of sensitive information, and provide users the ability to opt out. Ad networks should avoid delivering ads outside the context of the app (e.g., putting icons on the mobile desktop) and should share their privacy policies with app developers who can make them available to consumers before downloading an app.
In response, a coalition of ad groups – including the Direct Marketing Association, the Interactive Advertising Bureau, the American Advertising Federation, the Association of National Advertisers, and the American Association of Advertising Agencies – sent a letter to the AG, stating that the guidelines “extend far beyond existing legal requirements under California law.”
Further, the groups expressed their concern that these recommendations, if implemented, will chill innovation in the marketplace, cost jobs, harm California’s economy, and deprive consumers of the benefits of mobile applications, products, and services.
The groups also noted that Harris neglected to seek the input of the industry associations, that she never presented the recommendations for public review and comment, and that other efforts to regulate mobile privacy are already under way, including a multistakeholder process with the Department of Commerce, various congressional committees, and agencies such as the FTC and the Federal Communications Commission.
“Matters of mobile privacy are best addressed through codes of conduct developed through broad industry consensus that include mechanisms for responding to shifting technologies, practices, and consumer preferences,” the groups argued. “These recommendations, which openly conflict with developing consensus standards and are not grounded in any apparent legal authority, go well beyond existing requirements under California law, as well as Federal law, and will inevitably impact countless entities that are not subject to California’s Online Privacy Protection Act. As a result, these circumstances would create uncertainty in the marketplace, raise unnecessary costs for business, restrict innovation, slow economic growth, reduce benefits for consumers, and result in job losses in California and throughout the nation.”
To read “Privacy on the Go,” click here.
To read the coalition’s letter, click here.