- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
February 8th, 2013
FTC Releases Best Practices for Mobile Privacy and Fines Mobile Service Provider $800,000
The Federal Trade Commission (FTC) issued a staff report on Friday recommending ways for participants in the mobile ecosystem to improve their mobile privacy disclosures. The report includes guidance tailored for key commercial players involved in the mobile area, including platforms (such as Apple's iOS and Google's Android), app developers, certain third parties (such as ad networks and analytics companies), and trade associations. The report is based, in part, on feedback the FTC received at a May 2012 workshop, as well as other panel discussions and written submissions. Similar recommendations from California's Attorney General were released last month
The FTC noted in the report that its recommendations are intended to be "sufficiently flexible to accommodate further innovation and change" and, to the extent any guidance in the report extends beyond the requirements of existing law, that guidance "is not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC."
The recommendations are largely focused on making sure that consumers receive timely and easily understandable disclosures about what data is being collected, and how that information is used. Specifically, the report includes the following guidance:
A. Recommendations for Mobile Platforms
- Provide just-in-time disclosures to consumers and obtain their affirmative consent prior to allowing apps to access sensitive content (e.g., geolocation data);
- Consider creating a dashboard of privacy controls to allow consumers to review the types of data accessed by the apps they download and to revisit information choices previously made;
- Use icons to communicate key concepts to users, such as to alert users when data is being transmitted;
- Promote best practices to app developers;
- Clearly disclose to consumers the extent to which platforms review apps prior to making them available for download and conduct compliance checks for apps placed in app stores; and
- Consider offering a Do Not Track mechanism for smartphone users.
B. Recommendations for App Developers
- Provide just-in-time disclosures and obtain affirmative express consent prior to collecting or sharing sensitive information (to the extent platforms have not already done so);
- Improve coordination with advertising networks and other third parties (e.g., analytics companies) in order to make sure accurate disclosures are made to consumers; and
- Consider participating in self-regulatory regimes and industry organizations.
C. Recommendations for Advertising Networks and Other Third Parties
- Communicate and coordinate with app developers to help them provide truthful and complete disclosures to consumers; and
- Work with App Platforms to implement mobile Do Not Track.
D. Recommendations for Trade Associations, Academics, and Researchers
- Create short form disclosures (e.g., icons and badges) for use by app developers;
- Promote standardized forms of privacy policies that will enable consumers to compare data practices across apps; and
- Educate developers about privacy.
The report also mentions that the FTC recently settled charges that Path, Inc. ("Path"), a mobile social networking service, deceived consumers about the collection of address book information on mobile devices through its mobile app, and illegally collected information from children in violation of the Children's Online Privacy Protection Act (COPPA). According to the terms of the consent order, Path will, in addition to other requirements, pay a civil penalty of $800,000.
This enforcement action, together with the report, clearly demonstrates the FTC's continued focus on consumer privacy issues in the mobile app context.
For more information on the report, or legal issues associated with mobile apps, please contact Greg Boyd at (212) 826 5581 or firstname.lastname@example.org or any other member of the Interactive Entertainment Group.
Other Privacy & Data Security Law Alerts
A Big Phone Bill: Dish Network Telemarketing Violation Verdicts Total Approximately $341 Million
In a cautionary tale for marketers, two courts recently found satellite TV provider Dish Network ("Dish") liable for repeated and willful violations of federal and state telemarketing laws.
June 23 2017
Start Your Engines: We Have to Deal With GDPR, What Now?
Back in January, we posted about the circumstances in which your company, even if based in the US, must comply with the EU General Data Protection Regulation (GDPR), taking effect in May 2018. Here we will provide a high level checklist to help you start down the path of GDPR readiness.
April 13 2017
No Harm, No Foul: Court Dismisses Biometric Data Privacy Class Action Against NBA 2K Games
Biometric data — from, e.g., retina, face and fingerprint scans — plays a big role in the current wave of new technology services. For example, biometrics provide security features for financial and healthcare products. But companies using or thinking of using biometric data have to comply with myriad privacy and data security laws and regulations, or face potential enforcement action and litigation.
February 16 2017