Posts tagged with "privacy"

Protection of Privacy & Intellectual Property Remain Major Concerns for App Developers & Owners

Leave a Comment

Privacy

If you are a business owner intending to offer a mobile application (“app”) to customers, clients or members, in addition to being clear about who owns what from an intellectual property point of view as to the app’s content and the data it generates, be sure that its construction and operation allow you to meet regulatory requirements. Knowing the legal issues you could face will allow for better design and operation of the app and lessen the chances for missteps.

Here are questions to ask the app’s developer and your operations and maintenance team, along with some actions you can take to avoid unpleasant surprises.

Considering Intellectual Property Protection Issues:

• Who will own the copyrightable content in the mobile app? You or the developer?
• Will the app contain trade secrets or patentable subject matter?
• Will the app incorporate the intellectual property of third parties, such as trademarks or photographs?
• Will the app’s construction rely on any open source software?

The best way to address intellectual property issues is to have appropriate written agreements in place, such as licenses for third-party content, work-made-for-hire agreements, assignments of rights, and non-disclosure agreements.

Considering Privacy and Personal Data Protection Issues:

• What is the minimum personal data that you need to collect to achieve your objectives?
• What kind of technical data, such as IP addresses and transaction data, will the app collect?
• Will you be collecting personal data from minors, especially those under the age of 13?
• Will the app be used by people outside of the USA?
• Will the app offer opt-in or opt-out mechanisms?
• How will the data be stored?
• What kind of procedures will be in place in the event of a cyber breach in the collection or storage of your data?

If the app will collect personal information about users such as health or financial information, or if it will be interacting with minors, then it is critical to be proactive. Analyze your methods of collection, use and storage of the data. Identify the regulatory requirements your app must satisfy prior to collecting personal information (e.g., having the consent of the user) or how to deal with an outside breach of security (think Target, Home Depot, JP Morgan/Chase). Such forethought will enable you to have policies and procedures to lessen exposure and/or allow for timely corrective action should a cyber breach of your data protection safeguards take place.

Your Mobile Device Wants Your Location Information– Implications for Personal Privacy Part 1
Leave a Comment

In earlier blogs I discussed developments related to privacy protection and the collection of personal data about children through mobile apps.  Needless to say, concern for privacy protection is of great interest to everyone not just parents and children.

For example, personal data easily generated by mobile devices is information about your location.  Some may feel that providing this kind of information is worthwhile, because they can receive timely news about nearby activities or sales promotions.  Vendors love this information because it enables them better to reach customers on the verge of purchase decisions.

While there is the short term convenience a user gains by revealing her location, what about the aggregation of information about her movements over a long period of time?  The app that offers a timely sales pitch can at the same time accumulate information about a user’s movements, which can result in a highly detailed picture about the user.  It is a given that this kind of specific detail is valuable to vendors; but when would such accumulation cross the line of a person’s reasonable expectations of personal privacy?

Because mobile app technology is advancing rapidly, regulators, legislators and advocacy groups are raising the alarm.  The main challenge is to find workable ways to balance the consumer’s need to be adequately informed so as to give knowing consent to the accumulation of information about their movements, and vendor and marketer needs to be in the best position to make “a sale.”  http://www.nytimes.com/2013/01/06/technology/legislation-would-regulate-tracking-of-cellphone-users.html?nl=technology&emc=edit_tu_20130107&_r=0

Recently, a number of governmental and association players have offered some “guidance” to help app developers, app platform providers and mobile ad networks adopt “best practices” as they go forward with the creation of new mobile products.

Among these developments are the just released recommendations of the California Attorney General for “Mobile Ecosystem Stakeholders.”  http://oag.ca.gov/sites/all/files/pdfs/privacy/privacy_on_the_go.pdf

In addition, the App Developers Alliance, Consumer Action, World Privacy Forum and the ACLU are working together on proposals for screen mock-ups that app developers can incorporate to inform users as to what data will be collected and who will have access to it.

http://www.washingtonpost.com/blogs/post-tech/post/app-developers-privacy-advocates-work-out-suggestions-for-policy-disclosure/2012/11/30/f79a0a4e-3aec-11e2-8a97-363b0f9a0ab3_blog.html

Finally, the Federal Trade Commission recently issued its report, “Protecting Consumer Privacy in an Era of Rapid Change.”  http://www.ftc.gov/opa/2012/03/privacyframework.shtm

There is a trade-off between convenience and protecting personal privacy.  Those who are looking to benefit from what the new technology offers, whether as a user or service provider, should become more informed of the scope of the debate.  As I will discuss in Part 2 of this series of blogs, the technological revolution will not just affect business transactions but could inform how law enforcement can proceed when collecting information about a suspect.  Stay tuned…..

PRIVACY, CHILDREN AND MOBILE APPS
Leave a Comment

On December 10, 2012, the Federal Trade Commission (FTC) released its “Second Kids’ App Report” about privacy protections in apps designed for children.  The FTC’s findings were not pretty.   http://www.ftc.gov/opa/2012/12/kidsapp.shtm  

The report found that many of the apps sold and marketed to children transmitted data about phone numbers, precise location and the unique serial code of the mobile device to advertisers and other third parties.  All of this was without the users’ knowledge or consent.  The FTC reviewed 400 of the most popular children’s apps appearing on Google and Apple platforms.  Of those, only one-fifth disclosed data collection practices. 

As a result of this, the FTC announced its intention to examine the practices of some of the app developers to see whether they violated the Children’s Online Privacy Protection Act of 1998 (COPPA), 15 USC Section 6501-6506   http://www.coppa.org/.  COPPA requires website operators to obtain the permission of parents of children younger than 13 before collecting or sharing certain information about the child users.

National laws and regulations like COPPA and state laws all have their own standards for the collection of personal data.  Additionally, there are the possible effects of future laws and regulations.  This is a difficult landscape for the small firm app developer to navigate because of the large number of moving parts.

If you are an app developer, regardless of whether your programs are geared to children, you need to understand these issues and take pro-active steps as these developments along with current and future regulations will affect your livelihood.

One big player among the states is California.  Its Online Privacy Protection Act (CALOPPA) Cal. Bus & Prof. Code Sections 22575-22579, requires all mobile apps that collect personal data to have a privacy policy.  California is fully prepared to play hardball with developers.  Recently, it sued Delta Airline for failing to comply with CALOPPA.  http://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-files-suit-against-delta-airlines-failure

The current environment of consumer concern and industry pressure to move forward has a parallel in the recent past when we all endured a glut of SPAM in our e-mail in-boxes.  Various states enacted legislation to regulate the out of control spam, resulting in a patchwork of state laws and regulations.  In 2003, the federal government enacted the CAN-SPAM Act, 15 USC 7701 et seq.  http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003.  Although the Act was not as strict as some wanted, the CAN-SPAM Act did provide order to the cacophony of regulatory schemes as the federal law preempted the state laws.  Needless to say, we are far from getting even that level of consistency.

There is an obvious need for one, nation-wide standard to protect children’s online privacy given the reach of the internet and the broad range of competing interests. But as of now, we are far from a uniform national standard.  And who knows whether Congress will develop a workable fix before the next big online communication method replaces mobile apps? 

However, there is hope. Some groups are trying to be proactive.  For example, the Application Developers Alliance (ADA), http://appdevelopersalliance.org/, and the American Civil Liberties Union (ACLU) have introduced draft app transparency screens.  These prototypes would give consumers a chance to compare the data collection practices of a mobile app, to show the kinds of data collected and the groups with whom it is shared before opening the program.  See http://www.nytimes.com/2012/12/09/technology/effort-to-clarify-mobile-app-data-rights-hits-snags.html    It is not certain that such would meet CALOPPA’s requirement, but it certainly would be a start.

App developers, especially smaller ones, should consider these proactive “fixes” and join a group like the ADA to be kept up-to-date about the many twists and turns in this ongoing story.