App Privacy Policies Taken Seriously by Government, if Not All Consumers
SILICON VALLEY -- Regulators will hold mobile app developers to the promises they make to consumers, including in their privacy policies, government officials said at the App Developer Privacy Summit here Wednesday. Federal and state governments rely on such privacy policies for enforcement actions, they said. Even though consumers don’t often read them, law enforcement agencies look to them to make sure companies aren’t being deceptive.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
"If you have a privacy setting, make sure you're taking reasonable steps to honor it,” said Laura Berger, a senior attorney with the Federal Trade Commission’s division of Privacy and Identity Protection. States also rely on such notices for enforcement, said Travis LeBlanc, California special assistant attorney general for technology. “When you establish a privacy policy, you are making representations about what you do and you don’t do,” LeBlanc said. “We pay attention to that."
Beyond direct enforcement of laws, the government can use the bully pulpit to raise awareness about privacy issues, LeBlanc said. “We also have the ability to convene,” he said. He said the California Attorney General’s office has been working with players in the mobile app space on compliance with state rules and will convene again in six months to evaluate how it has been going. “We're going to see the state of things, and at that point I expect we'll begin enforcement with the app developers … if we haven’t seen a substantial increase in compliance."
Platform providers such as Facebook, Research In Motion, Microsoft and Mozilla are also looking to see app developers live up to their promises, executives said during a later panel discussion at the summit. Though policies differ from platform to platform, overall the sense among panelists was similar -- platforms ask the developer about the information they'll be collecting, then test to make sure the apps comply with those representations through a combination of automated and manual testing and feedback from users.
Moreover, platforms have found there’s an inverse correlation between the amount of personal data collected and the consumer uptake of an app, said Alex Rice, a product security engineer at Facebook. “You have a very important decision to make when you're developing an application,” he said. “Which data do you want to ask users to entrust to you? Each additional piece of data will cause some additional set of users to turn off your application,” he said. The more information an app collects the fewer users it will have, he said. “It’s important to minimize up front how much data you're requesting."
California’s Office of Privacy Protection is working on a set of mobile privacy policy best practices it plans to publish in July, its chief Joanne McNabb said. “We're not only looking for ‘here are good ways to present what your policies and practices are,'” but also to help recommend what elements should be included in such policies, she said. “The mobile app world is like the Wild West, with a lot of pretty clearly inappropriate data flows going on,” she said.