- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
February 8th, 2013
FTC Releases Best Practices for Mobile Privacy and Fines Mobile Service Provider $800,000
The Federal Trade Commission (FTC) issued a staff report on Friday recommending ways for participants in the mobile ecosystem to improve their mobile privacy disclosures. The report includes guidance tailored for key commercial players involved in the mobile area, including platforms (such as Apple's iOS and Google's Android), app developers, certain third parties (such as ad networks and analytics companies), and trade associations. The report is based, in part, on feedback the FTC received at a May 2012 workshop, as well as other panel discussions and written submissions. Similar recommendations from California's Attorney General were released last month
The FTC noted in the report that its recommendations are intended to be "sufficiently flexible to accommodate further innovation and change" and, to the extent any guidance in the report extends beyond the requirements of existing law, that guidance "is not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC."
The recommendations are largely focused on making sure that consumers receive timely and easily understandable disclosures about what data is being collected, and how that information is used. Specifically, the report includes the following guidance:
A. Recommendations for Mobile Platforms
- Provide just-in-time disclosures to consumers and obtain their affirmative consent prior to allowing apps to access sensitive content (e.g., geolocation data);
- Consider creating a dashboard of privacy controls to allow consumers to review the types of data accessed by the apps they download and to revisit information choices previously made;
- Use icons to communicate key concepts to users, such as to alert users when data is being transmitted;
- Promote best practices to app developers;
- Clearly disclose to consumers the extent to which platforms review apps prior to making them available for download and conduct compliance checks for apps placed in app stores; and
- Consider offering a Do Not Track mechanism for smartphone users.
B. Recommendations for App Developers
- Provide just-in-time disclosures and obtain affirmative express consent prior to collecting or sharing sensitive information (to the extent platforms have not already done so);
- Improve coordination with advertising networks and other third parties (e.g., analytics companies) in order to make sure accurate disclosures are made to consumers; and
- Consider participating in self-regulatory regimes and industry organizations.
C. Recommendations for Advertising Networks and Other Third Parties
- Communicate and coordinate with app developers to help them provide truthful and complete disclosures to consumers; and
- Work with App Platforms to implement mobile Do Not Track.
D. Recommendations for Trade Associations, Academics, and Researchers
- Create short form disclosures (e.g., icons and badges) for use by app developers;
- Promote standardized forms of privacy policies that will enable consumers to compare data practices across apps; and
- Educate developers about privacy.
The report also mentions that the FTC recently settled charges that Path, Inc. ("Path"), a mobile social networking service, deceived consumers about the collection of address book information on mobile devices through its mobile app, and illegally collected information from children in violation of the Children's Online Privacy Protection Act (COPPA). According to the terms of the consent order, Path will, in addition to other requirements, pay a civil penalty of $800,000.
This enforcement action, together with the report, clearly demonstrates the FTC's continued focus on consumer privacy issues in the mobile app context.
For more information on the report, or legal issues associated with mobile apps, please contact Greg Boyd at (212) 826 5581 or email@example.com or any other member of the Interactive Entertainment Group.
Other Privacy & Data Security Law Alerts
New York Regulator Says Even One Access Control Failure Can Invalidate Years of Compliance Certifications
The New York Department of Financial Services (“NYDFS”) recently entered into a Consent Order (the “Consent Order”) with EyeMed Vision Care LLC (“EyeMed”) over violations of the agency’s Cybersecurity Requirements (23 NY CRR Part 500) (“Part 500”). Read more.
October 26 2022
Privacy News for Q2 2022
A summary of privacy news and trends we have seen in the first half of 2022. Read more.
June 2 2022
Does Your Loyalty Program Violate the CCPA?
California Attorney General Rob Bonta tweeted and released a statement that his office has sent warning letters to businesses in a variety of industries for alleged failure to comply with CCPA. Read more.
February 3 2022