New guidance on app privacy
Two D.C.-based non-profits respond to the Senate hearing on mobile privacy and security with suggested guidelines for app developers
May 20, 2011
The Center for Democracy & Technology (CDT) and the Future of Privacy Forum (FPF) spoke out after the recent hearing in the U.S. Senate about consumer privacy and protection in the mobile market with a set of guidelines and suggestions for mobile app developers.
The groups pointed out that while the data collected and used from consumers is vital to the performance of many mobile apps, some of it is collected inadvertently or strictly for advertising—and all of it can create privacy issues. So CDT and FPF are engaging with app developers, device manufacturers and creators of mobile platforms to develop a set of best practices and privacy principles for mobile.
Among the recommendations:
Privacy policy: The two groups advocate that every app should have a written privacy policy explaining to users in plain language what data is collected, how it is used, how it will be shared and how long it will be retained. In instances where it is collected for potential financial benefit, the groups believe that should be disclosed to consumers. (FPF conducted research to see how many popular apps have these policies in place already.)
User choice: Mobile users should be provided choices about the collection, disclosure and use of their personal data, and those choices should be presented when data is about to be collected, the two groups said.
Limited retention: CDT and FPF said developers should only collect as much data as is necessary to perform the functions of the app and only retain this data for as long as it is needed, unless the user clearly has consented to greater collection and retention.
Data security: The groups recommend that developers employ reasonable physical, technical and administrative methods to protect the integrity and security of collected data.
Education: They further recommend that developers educate users about the types of data an app collects and ways they can protect their privacy using the app.
Privacy by design: Finally, CDT and FPF are asking developers to consider privacy from the beginning of the app development process: determine what personal or device data is needed for app functionality, then design the app to collect only what is needed, share it only with those needed to perform the functions of the app, and retain it only for as long as is necessary.
The groups are seeking input from all comers on these issues and their recommendations—so developers would be wise to speak up now to make sure their own priorities get taken into consideration as these guidelines inevitably are developed and put in place.