California AG Issues Report With Privacy Guidelines For Mobile App Developers

Earlier this month, California Attorney General Kamala D. Harris issued privacy guidelines for mobile app developers and other companies in the mobile industry to better protect consumers. The new guidelines are part of the State's Privacy Enforcement and Protection Unit. Why the California AG developed these guidelines:

"... 85 percent of American adults have a cell phone, 45 percent a smart phone, 61 percent a laptop, 25 percent a tablet computer, and 18 percent an e-book reader. Over half of adult cell phone owners use the Internet on their phones, twice the rate in 2009. And nearly one third of cell owners report that their phone is the primary, or only, way they access the Internet... there are more than a million apps available on the primary mobile platforms, and more than 1,600 new apps are added daily... many mobile apps did not provide users with privacy policy statements at all..."

And, experts expect millions of consumers will be affected by mobile threats and mobile malware. This is not a surprise since mobile devices uniquely combine several types of valuable information on a single computer: personal and business email, business documents, personal and business contacts, calling history, text messages, passwords for social networking sites, video, photos, audio, browser history, app history, and your GPS locations by date and time.

The general guidelines:

"For App Developers:
1. Start with a data checklist to review the personally identifiable data your app could collect and use it to make decisions on your privacy practices.
2. Avoid or limit collecting personally identifiable data not needed for your app's basic functionality.
3. Develop a privacy policy that is clear, accurate, and conspicuously accessible to users and potential users.
4. Use enhanced measures -- "special notices" or the combination of a short privacy statement and privacy controls -- to draw users' attention to data practices that may be unexpected and to enable them to make meaningful choices.

For App Platform Providers:
1. Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app.
2. Use the platform to educate users on mobile privacy.

For Mobile Ad Networks:
1. Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
2. Have a privacy policy and provide it to the app developers who will enable the delivery of targeted ads through your network.
3. Move away from the use of interchangeable device-specific identifiers and transition to app-specific or temporary device identifiers.

For Operating System Developers:
Develop global privacy settings that allow users to control the data and device features accessible to apps.

For Mobile carriers:
Leverage your ongoing relationship with mobile customers to educate them on mobile privacy and particularly on children's privacy."

For each general guideline, the document contains specifics. California led the nation with data breach notification laws to inform and protect consumers. The new guidelines, while not legally binding, are consistent with this leadership.

Items I hoped the guidelines would have contained, but didn't:

  • Don't build apps that upload consumers' entire address books. You don't need all of their information. You may want it, but you don't need it. A small portion of their contacts use your app.
  • Data plan consumption estimates. Auto manufacturers provide consumers with mileage estimates (e.g., city, highway) for their products. App developers should provide similar estimates (e.g., low use, high use) if their apps are bandwidth hogs or operate frequently in the background
  • Use plain English whenever possible for privacy statements and terms of usage statements
  • Streamline and consolidate privacy statements whenever possible. Currently, consumers must read and wade through at least six privacy statements
  • Be transparent and explicit about how you treat metadata with documents, videos, and photos. Consumers have a right to know what metadata elements you use, delete, and add to their assets.
  • Be transparent and explicit with the list of affiliates or partners you share consumers' personal information with. That includes cloud vendors.
  • Be explicit about the assistance (if any) you provide users when your app is hacked, or when the transaction flow that supports your app is hacked.
  • For additional services, consumers must opt in and register. Don't auto include consumers
  • Guidelines for banks. Some banks develop apps and are covered. Others are part of the transaction flow that enables the app (e.g., payments)

Download the "Privacy On The Go" report (Adobe PDF, 2.27 Mbytes) by the California Attorney General.



mobile app development

The latest news states that the guidelines appear to address both common-sense and forward-thinking recommendations, as well as a range of general and specific guidance.
