Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
February 8th, 2013
FTC Releases Best Practices for Mobile Privacy and Fines Mobile Service Provider $800,000
The Federal Trade Commission (FTC) issued a staff report on Friday recommending ways for participants in the mobile ecosystem to improve their mobile privacy disclosures. The report includes guidance tailored for key commercial players involved in the mobile area, including platforms (such as Apple's iOS and Google's Android), app developers, certain third parties (such as ad networks and analytics companies), and trade associations. The report is based, in part, on feedback the FTC received at a May 2012 workshop, as well as other panel discussions and written submissions. Similar recommendations from California's Attorney General were released last month
The FTC noted in the report that its recommendations are intended to be "sufficiently flexible to accommodate further innovation and change" and, to the extent any guidance in the report extends beyond the requirements of existing law, that guidance "is not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC."
The recommendations are largely focused on making sure that consumers receive timely and easily understandable disclosures about what data is being collected, and how that information is used. Specifically, the report includes the following guidance:
A. Recommendations for Mobile Platforms
- Provide just-in-time disclosures to consumers and obtain their affirmative consent prior to allowing apps to access sensitive content (e.g., geolocation data);
- Consider creating a dashboard of privacy controls to allow consumers to review the types of data accessed by the apps they download and to revisit information choices previously made;
- Use icons to communicate key concepts to users, such as to alert users when data is being transmitted;
- Promote best practices to app developers;
- Clearly disclose to consumers the extent to which platforms review apps prior to making them available for download and conduct compliance checks for apps placed in app stores; and
- Consider offering a Do Not Track mechanism for smartphone users.
B. Recommendations for App Developers
- Make sure to have a Privacy Policy easily accessible through the app stores;
- Provide just-in-time disclosures and obtain affirmative express consent prior to collecting or sharing sensitive information (to the extent platforms have not already done so);
- Improve coordination with advertising networks and other third parties (e.g., analytics companies) in order to make sure accurate disclosures are made to consumers; and
- Consider participating in self-regulatory regimes and industry organizations.
C. Recommendations for Advertising Networks and Other Third Parties
- Communicate and coordinate with app developers to help them provide truthful and complete disclosures to consumers; and
- Work with App Platforms to implement mobile Do Not Track.
D. Recommendations for Trade Associations, Academics, and Researchers
- Create short form disclosures (e.g., icons and badges) for use by app developers;
- Promote standardized forms of privacy policies that will enable consumers to compare data practices across apps; and
- Educate developers about privacy.
The report also mentions that the FTC recently settled charges that Path, Inc. ("Path"), a mobile social networking service, deceived consumers about the collection of address book information on mobile devices through its mobile app, and illegally collected information from children in violation of the Children's Online Privacy Protection Act (COPPA). According to the terms of the consent order, Path will, in addition to other requirements, pay a civil penalty of $800,000.
This enforcement action, together with the report, clearly demonstrates the FTC's continued focus on consumer privacy issues in the mobile app context.
For more information on the report, or legal issues associated with mobile apps, please contact Greg Boyd at (212) 826 5581 or gboyd@fkks.com or any other member of the Interactive Entertainment Group.
Other Privacy & Data Security Law Alerts
Are You Ready for the New York Cybersecurity Regulations’ September 3rd Deadline?
Financial institutions and insurance companies operating in New York have until September 3, 2018 to comply with the next phase of New York's Cybersecurity Regulations. Here's what you need to know to avoid regulatory scrutiny. Read more.
August 10 2018
New California Privacy Law Calls for Significant Changes
On the heels of the European General Data Protection Regulation (GDPR), California has now passed a digital privacy law that gives consumers more control over their personal information online. Read more.
June 29 2018
Privacy Shield: Year One Updates You Need To Know
This month we're celebrating Privacy Shield's first birthday with an update on everything Privacy Shield. There have been a number of developments on the Privacy Shield-front that companies certified or seeking self-certification under Privacy Shield need to know. Read more.
October 17 2017
