Privacy on Internet

Developments in Privacy Arena for: Mobile Apps & Online Data Breach Notification
Leave a Comment

ATTENTION– mobile app developers and advertisers in the mobile Web environment.  Despite the talk of political gridlock, a combination of federal agencies, private groups and Congress have moved forward in 2013 with ways to solve some of the important dilemmas associated with the protection of personal information.  Here is the scoop as to some of what has been happening and links to important documents which can inform you about the regulatory developments in the mobile Web environment.

·       The Digital Advertising Alliance, a consortium of the some big players in advertising, released guidance this summer explaining the application of their Self-Regulatory Principals, in the mobile app and mobile Web environment.  Their seven Self-Regulatory Principals are at:  http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf.   The Guidance is at:  http://www.aboutads.info/DAA_Mobile_Guidance.pdf.

·       The Federal Trade Commission (“FTC”) developed additional guidance in the form of answers to some FAQ related to compliance with their recently issued Children’s Online Privacy Protection Rule (“COPPA Rule”), effective as of July 1, 2013.

·       Go to http://www.coppa.org/coppa.htm to see the Children’s Online Privacy Protection Act (the “Act”).  The FTC’s Rule, which implements the Act, may be found at:  http://www.ftc.gov/os/fedreg/2013/01/130117coppa.pdf.  You can find the FTC’s Guidance for complying with the Act and answers its FAQ at: http://www.coppa.org/comply.htm and http://www.business.ftc.gov/documents/Complying-with-COPPA-Frequently-Asked-Questions.

·       The U.S. House of Representatives has not been asleep at the switch.  The House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade, has set up a bipartisan working group to examine online privacy issues and the need to protect personal information while not hindering innovation.  The Subcommittee has also held hearings into the reporting requirements of consumer data breaches.  Currently, the reporting of such Internet breaches of consumer data is covered by a patchwork of state laws. (For a list of the state laws regulating notification requirements for security breaches involving personal information, see http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx ).   Needless to say, the industry would prefer implementation of a uniform technology neutral standard that could be established by federal law.

              In future blogs, I will examine a number of these developments in the protection of personal data and mobile devices in more detail.

Your Mobile Device Wants Your Location Information– Implications for Personal Privacy Part 1
Leave a Comment

In earlier blogs I discussed developments related to privacy protection and the collection of personal data about children through mobile apps.  Needless to say, concern for privacy protection is of great interest to everyone not just parents and children.

For example, personal data easily generated by mobile devices is information about your location.  Some may feel that providing this kind of information is worthwhile, because they can receive timely news about nearby activities or sales promotions.  Vendors love this information because it enables them better to reach customers on the verge of purchase decisions.

While there is the short term convenience a user gains by revealing her location, what about the aggregation of information about her movements over a long period of time?  The app that offers a timely sales pitch can at the same time accumulate information about a user’s movements, which can result in a highly detailed picture about the user.  It is a given that this kind of specific detail is valuable to vendors; but when would such accumulation cross the line of a person’s reasonable expectations of personal privacy?

Because mobile app technology is advancing rapidly, regulators, legislators and advocacy groups are raising the alarm.  The main challenge is to find workable ways to balance the consumer’s need to be adequately informed so as to give knowing consent to the accumulation of information about their movements, and vendor and marketer needs to be in the best position to make “a sale.”  http://www.nytimes.com/2013/01/06/technology/legislation-would-regulate-tracking-of-cellphone-users.html?nl=technology&emc=edit_tu_20130107&_r=0

Recently, a number of governmental and association players have offered some “guidance” to help app developers, app platform providers and mobile ad networks adopt “best practices” as they go forward with the creation of new mobile products.

Among these developments are the just released recommendations of the California Attorney General for “Mobile Ecosystem Stakeholders.”  http://oag.ca.gov/sites/all/files/pdfs/privacy/privacy_on_the_go.pdf

In addition, the App Developers Alliance, Consumer Action, World Privacy Forum and the ACLU are working together on proposals for screen mock-ups that app developers can incorporate to inform users as to what data will be collected and who will have access to it.

http://www.washingtonpost.com/blogs/post-tech/post/app-developers-privacy-advocates-work-out-suggestions-for-policy-disclosure/2012/11/30/f79a0a4e-3aec-11e2-8a97-363b0f9a0ab3_blog.html

Finally, the Federal Trade Commission recently issued its report, “Protecting Consumer Privacy in an Era of Rapid Change.”  http://www.ftc.gov/opa/2012/03/privacyframework.shtm

There is a trade-off between convenience and protecting personal privacy.  Those who are looking to benefit from what the new technology offers, whether as a user or service provider, should become more informed of the scope of the debate.  As I will discuss in Part 2 of this series of blogs, the technological revolution will not just affect business transactions but could inform how law enforcement can proceed when collecting information about a suspect.  Stay tuned…..