FTC Staff Report Recommends Ways to Improve Mobile Privacy Disclosures
The USA's Federal Trade Commission has issued a staff report recommending ways that key players in the rapidly expanding mobile marketplace can better inform consumers about their data practices.
Most of the recommendations involve making sure that consumers get timely, easy-to-understand disclosures about what data they collect and how the data is used.
"The mobile world is expanding and innovating at breathtaking speed, allowing consumers to do things that would have been hard to imagine only a few years ago," said FTC Chairman Jon Leibowitz . "These best practices will help to safeguard consumer privacy and build trust in the mobile marketplace, ensuring that the market can continue to thrive."
The FTC staff report is based on the FTC's enforcement and policy experience with mobile issues and a May 2012 FTC workshop, which brought together representatives from industry, trade associations, academia, and consumer privacy groups to explore privacy disclosures on mobile devices.
More than other types of technology, mobile devices are typically personal to an individual, almost always on, and with the user. This can facilitate unprecedented amounts of data collection. In addition, since a single mobile device can facilitate data collection and sharing among many entities, consumers may wonder where they should turn if they have questions about their privacy.
The report cites recent data showing that consumers increasingly are concerned about their privacy on mobile devices. For example, 57 percent of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons. Less than one-third of Americans feel they are in control of their personal information on their mobile devices.
Based on the Commission's prior work in this area and information obtained through the panel discussions, written submissions, and the report offers several suggestions for the major participants in the mobile ecosystem as they work to improve mobile privacy disclosures.
The report recommends that mobile platforms should:
- Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation;
- Consider providing just-in-time disclosures and obtaining affirmative express consent for other content that consumers would find sensitive in many contexts, such as contacts, photos, calendar entries, or the recording of audio or video content;
- Consider developing a one-stop "dashboard" approach to allow consumers to review the types of content accessed by the apps they have downloaded;
- Consider developing icons to depict the transmission of user data;
- Promote app developer best practices. For example, platforms can require developers to make privacy disclosures, reasonably enforce these requirements, and educate app developers;
- Consider providing consumers with clear disclosures about the extent to which platforms review apps prior to making them available for download in the app stores and conduct compliance checks after the apps have been placed in the app stores; and
- Consider offering a Do Not Track (DNT) mechanism for smartphone users. A mobile DNT mechanism, which a majority of the Commission has endorsed, would allow consumers to choose to prevent tracking by ad networks or other third parties as they navigate among apps on their phones.
"FTC staff strongly encourages companies in the mobile ecosystem to work expeditiously to implement the recommendations in this report. Doing so likely will result in enhancing the consumer trust that is so vital to companies operating in the mobile environment. Moving forward, as the mobile landscape evolves, the FTC will continue to closely monitor developments in this space and consider additional ways it can help businesses effectively provide privacy information to consumers," the report states.