Guest post by Jon Fox
In the rapidly-changing mobile landscape in the U.S., users often lack information about the new technology running their apps, games, devices, and accompanying privacy policies. On Friday, the Federal Trade Commission stepped in with guidelines to the mobile marketplace to better protect the privacy of mobile users.
The FTC report, “Mobile Privacy Disclosures,” focuses on making sure that consumers get timely, easy-to-understand disclosures about what data is collected and how the data is used. Approved 4-0 by the FTC, with one commissioner abstaining, the report is non-binding but signals that the commission is serious about protecting users from unscrupulous developers.
To fulfill its mandate as America’s chief consumer privacy agency, it is critical that the FTC recognizes the serious need for user privacy guidelines for many online services. In a statement, FTC Chairman Jon Leibowitz said:
“The mobile world is expanding and innovating at breathtaking speed, allowing consumers to do things that would have been hard to imagine only a few years ago. These best practices will help to safeguard consumer privacy and build trust in the mobile marketplace, ensuring that the market can continue to thrive.”
As more people get online, consumers must feel comfortable using online apps and services. Yet, too often we have seen users’ trust violated. On the day the new FTC guidelines were released, Path Inc. agreed to an $800,000 settlement with the FTC over charges that the mobile app collected children’s personal information through its social networking app without their parents’ consent. And Path is not the only wrongdoer.
Reports have surfaced that many mobile apps–from popular games like Angry Birds to software that turns your phone into a flashlight–unnecessarily collect personal user information. Data collection can include the user’s location, gender, a devices’ unique identification number, and sometimes even contact lists and pictures. Such apps often then send the information to marketing companies that use it to compile opaque dossiers on the users.
These data collection practices have not gone unnoticed. The FTC report noted that 57 percent of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons. In fact, a recent survey found that nearly half of Americans feel that they have little to no control over the personal information companies gather while they are browsing the web or using online services.
Earlier this year, California’s Attorney General Kamala Harris announced new privacy guidelines for mobile app developers. The report, “Privacy on the Go: Recommendations for the Mobile Ecosystem,” addressed two main privacy concerns: data collection and disclosure. Similar to the FTC report, Attorney General Harris’s guidelines urged mobile app developers to be judicious in the data they collect while being mindful of user privacy. “Your personal privacy should not be the cost of using mobile apps, but all too often it is,” Harris concluded at the time.
Implementing Do Not Track
The new FTC guidelines went a step further than the California guidelines, and called for increased user control through a “Do Not Track” (DNT) mechanism for mobile app users that would help to protect consumers from tracking by ad networks or other third parties. The FTC privacy principles are similar to those found in the Access guide for policy makers crafting laws that affect digital rights, “To Regulate or Not to Regulate, is that the Question?: a roadmap to smart regulation of the internet.”
Privacy advocates consider DNT mechanisms a minimum best standard for halting rampant data collection and ensuring consumers can surf the Web without prying eyes monitoring online activities for economic gain. Although industry lobbyists howl that DNT will hurt their profits and stymie online innovation, the evidence shows that when companies are not honest about how they track their users’ movements on the internet, users shy away from using their services.
Yet, DNT is no silver bullet and does not solve all problems with third party tracking. Without strong regulation or standards to back it, DNT is simply a request not to be tracked, and one that advertisers and website operators may choose to ignore. However, pushing federal DNT legislation would be an important first step that would allow for problems to be ironed out once the terms of the debate are set. Privacy researcher Chris Soghoian discusses this at length in a great write up of the history of DNT, outlining some of the challenges with DNT implementation.
Both the FTC and California’s Attorney General have consulted a wide range of actors in the mobile app marketplace, including mobile platforms (such as Amazon, Apple, and Google), app developers, advertising networks, and analytics companies to develop and adopt non-binding guidelines to protect user privacy. But during the two years since the FTC first called on industry leaders to develop a voluntary system, but very little has happened. If industry can’t set the rules for itself, it is time for the FTC to push for federal DNT legislation that protects consumers online.
The White House and leading tech companies agree that consumers need an online DNT system and that the tech industry’s efforts at self-regulation have not satisfied the need for greater privacy protection. Users need legislation to hand them back control over their personal data and bar third parties—companies with ads displayed on a page or ad networks that track users across unrelated websites—from collecting information about a user when that user opts not to be tracked (with limited exceptions for issues surrounding security and fraud prevention).
DNT is one mechanism that will provide consumers with increased control over their online activity and draw them to services that respect their privacy online. Internet giants Mozilla, Microsoft and Apple already support DNT as a winning model. It’s time for everyone else to get on board and pass DNT legislation.
Jon Fox is a consumer advocate and social activist who has worked in the U.S., Southeast Asia, and the Middle East on issues of technology, privacy, and human rights.