As Critics Call on Mobile Applications to Include Privacy Policies, Developers Should Be Aware of Compliance and Risk
Recent controversy about the tracking capabilities of mobile software, including apps provided by Apple and Google, highlights the increased push for privacy policies covering mobile applications. Senator Al Franken of Minnesota, chairman of the Senate Judiciary Committee’s privacy subcommittee, recently sent a letter to the CEOs of Apple and Google asking them to require “clear and understandable” privacy policies for all applications in the Apple App Store and Android App Market. Currently, neither company proactively enforces a requirement for apps to include these policies.
This push for mobile app privacy policies comes on the heels of Senator Franken’s Congressional hearing in early May after high-profile coverage about a location database discovered in Apple iOS software for iPhones. That tracking file, which contained information about users’ locations using data from Wi-Fi hot spots and cell towers, was extensively covered by major news organizations. Google’s Android software has similar tracking capabilities and creates a similar log file.
In addition to the bad publicity related to these tracking issues, lawsuits have resulted. On June 9, 2011, two plaintiffs in Florida filed a class action complaint against Google alleging the Android software engaged in illegal tracking and recording of users and that Google violated the Computer Fraud and Abuse Act and Florida law by failing to inform Android users that they were being tracked. Apple has faced similar lawsuits recently.
In light of the recent press about mobile tracking and the increased attention to mobile devices and apps from Congress, mobile application developers should include comprehensive privacy policies with their software. In so doing, developers should bear several key points in mind and learn from the mistakes made by past targets of government enforcement.
Privacy policies must be carefully crafted to comply with the various laws dictating required content. The laws that apply will vary based on industry, the type of data collected, and the age and residency of users. Age and residency can be particularly challenging to discern in a mobile environment.
Mobile application providers face special challenges in drafting comprehensive privacy policies that can be read and understood by users reading them on small screens. Short-form notices, sometimes called “highlights notices,” can be helpful, but developers must ensure material information is conveyed without excessive linking that can bury crucial content.
Despite the risk inherent in making enforceable privacy promises to consumers, the abundance of lawsuits related to online and mobile tracking, the applicable legal requirements and the scrutiny from the press, regulators, legislators and consumers collectively mean that implementation of privacy policies is strictly necessary for mobile apps. The key to managing these risks is to understand the legal landscape, to understand the operation of the software, and to develop a prudent approach that serves the application developers and the companies providing mobile apps to their consumers and employees.