Consumer Privacy in Focus as Regulators Zero in on Mobile

The Federal Trade Commission says it will disclose its final Privacy Framework report on March 26, 2012, as pressure continues to mount by regulators seeking to protect consumer privacy on mobile devices. In addition to the FTC’s announcement, California’s Attorney General several weeks ago disclosed an agreement with major mobile app stores such as Apple and Google to require developers to provide privacy policies with their apps, and the Obama administration is pushing its own consumer privacy bill of rights.

While policy makers believe regulation is needed, new research shows that consumers are taking greater advantage of their smart phones to do things like in-store shopping. The Nielsen Company revealed an upcoming U.S. Digital Consumer Report will show that 38% of mobile shoppers conduct in-store price comparisons.

Washington-based think tank Future of Privacy Forum is in the thick of the fray over these competing consumer interests. In a recent interview with Street Fight, Jules Polonetsky, co-chair of the Future of Privacy Forum, said his organization is working with industry and government agencies to strike the right balance between the value that location-based services offer to consumers and to promote responsible privacy practices that would ensure proper treatment of user data.

Polonetsky observed that not long ago regulated cellphone carriers provided network services, sold phones and decided what apps could be made available.  Now, the mobile smartphone environment is a fast-growing, chaotic system of platforms provided by Apple or Google, independent app developers, mobile ad networks and other third parties. Polonestsky pointed out that location, address books, social network relationships, photos, texts, emails and other highly personal information is stored on these devices and “many users feel so tied to their phones that they keep them in reach even when in bed.”

However, a series of recent stories, such as mobile apps uploading users’ address books without permission and advertising companies using technical tricks to bypass mobile browser privacy settings, diminished consumers confidence in smartphones and have triggered concerns over consumer privacy. “The market is a victim of its own success,” Polonetsky said. “Policy makers think there’s a problem,” he added, “some think that that they’re (the provider of services) stalking. There isn’t a clear understanding of what is going on.”

The Future of Privacy suggests that developers, app stores, distributors, advertisers, advertising networks and others apply “best practices” to afford consumers greater transparency over the use of their information. The Future of Privacy released a “Best Practices for Mobile Applications Developers,” which emphasizes the following factors:

The apps should present a privacy policy that explains to the user what is collected, how it is used and with whom the business shares the data before the user implements the app.

• The apps should disclose unexpected use of consumer data, such as, if the app shares data for behavioral advertising or sharing the location of a user. “Users should know what the ad networks are doing,” Polonetsky said.
• Give notice to users if any updates to the applications collect or make use of other data regarding the use of the smartphone.
• Disclosures should be clear and specific.
• Get permission from the user before making new uses of old data.
• Don’t collect data that you don’t need.
• Delete old data.
• Give users choices for any unsuspected collection or transfer of personal data.
• Let users know if collection of user data is a condition of the user, such as “we design services based on your location.”
• Keep data secure.

Part of the problem right now, according to Polonetsky, is the limitation existing in current platforms. The platforms limit the ability to provide consumers clear and adequate disclosures. “We are starting to see some movement in this area,” said Polonetsky, noting California Attorney General Kamala Harris’ recent  agreement with six leading app stores and platform operations that will allow consumers to review an application’s privacy policy before they download it. The solution doesn’t end with the app stores. In an article prepared for the Mercury News, Polonestksy and co-chair Christopher Wolf emphasized that “the folks best suited to solve the the problem are the app developers themselves.” Best privacy practices will be addressed at an upcoming App Developer Privacy Summit on April 25, 2012 at Stanford University, hosted jointly by the Future of Privacy Forum, the Application Developers Alliance and the Stanford Law School Center for Internet and Society. The summit’s goal is to bring together experts and developers to find ways to ensure a trusted consumer environment for the app market.

Another concern, according to Polonetsky, is the perception among policy makers that data collection may be a form of stalking. Polonetsky says that “users should always know if the device is sending location,” and therefore, he recommends the that a symbol, such as a compass or other icon, display on a device’s screen when the device is sending user information, such as the location of the user. “When someone is tracking you, you should know,” Polonetsky added.

While greater transparency should be afforded to users on their information by marketers, Polonetsky said policy makers should not confuse their desire to protect consumers with legitimate passive use of smartphone data to provide core mobile services. Those functions include using tower triangulation to locate the device to provide the strongest signal, critical mission flows, or help users find WiFi connections.

Brian Dengler is an attorney with Vorys Legal Counsel and journalist who covers legal issues in eMedia. He is a former vice-president of AOL, Inc., a former newspaperman, and an EMMY-winning TV journalist. He teaches new media issues as an adjunct at Kent State University and formerly at Otterbein University.