The FTC’s Mobile Privacy Report included recommendations for trade associations representing app developers and identified much of the area in which ACT has provided industry leadership. Recently we announced the launch of our ACT 4 Apps initiative (supported by Apple, Facebook, Microsoft, PayPal, Verizon & AT&T) to address developer education identified by the FTC as an important responsibility for app trade associations. We are pleased the Commission recognized our successful work in this area and look forward to contributing more resources to help app developers meet these privacy guidelines.
ACT is pleased that the Commission highlighted the privacy dashboard as a preferred means to inform users about data usage in a format accessible to smartphone users. It is time we moved past long privacy policies that are seldom read and give consumers the information they want in a way that they are best able to digest. The FTC’s recommended dashboard model received high praise at the NTIA privacy multistakeholder meetings when ACT demoed its version.
The Commission’s recommendation to make privacy policies a requirement for apps is a sensible step and one that ACT has been advocating to its members for some time. Additionally, we share the FTC’s concern that developer education is a very important element in this process. To ensure that privacy information is presented to consumers in a thorough manner will require outreach to the developer community about best practices, rules guidelines, with tools to display this information easily.
ACT was also glad to see that the FTC recognized the great work of Moms With Apps helping to create the privacy icons and promoting their adoption. In the Commission’s words [Report PDF]:
The MWA badge, which combines icons and limited amounts of text (e.g., “No Ads” or “Has In-App Purchases”), was originally conceived to provide information to parents about five areas: (1) whether an app collects or shares data; (2) whether an app contains advertising; (3) whether any purchases can be made within the app; (4) whether an app shares information with social networks; and (5) whether an app includes external links to other websites. Since the workshop, the badge has undergone additional refinement and now includes additional data fields, such as the recommended minimum age for an app. Commission staff encourages this kind of innovation.
ACT had two areas of concern, however, with the report’s guidance. The recommendation that platforms provide reports about the scanning they do for privacy in a curated store could actually backfire. Stores may opt to do less or no privacy scanning of apps if they perceive a liability risk created by this report. This would not be a good outcome for app makers or consumers. Additionally, the report relies on a technology snapshot and may not represent where the industry appears to be headed: offering better consumer controls and data isolation.