California Attorney General Kamala Harris today issued consumer privacy guidelines for mobile application developers.
“Today, 85 percent of American adults own a cell phone and over half of them use their phones to access the Internet. The mobile app marketplace is also booming with more than 1,600 new mobile apps being introduced every day. These apps allow us to do everything from streaming movies to hailing a cab to viewing our own X-ray and ultrasound images,” said Harris in the report. “Along with the many wonderful capabilities these apps offer, we remain mindful that the mobile environment also poses uncharted privacy challenges.”
The report was criticized by representatives of Internet and media associations for not adequately getting input for the report from companies and consumers.
“We are disappointed that the California Attorney General would finalize a recommendation on such an important issue based on such limited engagement with the companies that will be expected to put them into practice,” said Mike Zaneis, Senior Vice President for Public Policy at the Interactive Advertising Bureau, in a statement.
The office engaged a “broad spectrum” of stakeholders to arrive at the recommendations, according to the report.
Last year after creating the Privacy Enforcement and Protection Unit within the state Department of Justice, Harris forged an agreement with Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft and Research in Motion to display app privacy policies that users could easily review before downloading apps.
From the Attorney General’s report, recommendations include:
For App Developers
• Start with a data checklist to review the personally identifiable data your app cold collect and use it to make decisions on your privacy practices.
• Avoid or limit collecting personally identifiable data not needed for you app’s basic functionality.
• Use enhanced measures – “special notices” or the combination of a short privacy statement and privacy controls – to draw users’ attention to data practices that may be unexpected and to enable them to make meaningful choices.
For App Platform Providers
• Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app.
• Use the platform to educate users on mobile privacy.
For Mobile Ad Networks
• Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
• Move away from the use of interchangeable device-specific or temporary device identifiers.
For Operating System Developers
• Develop global privacy settings that allow users to control the data and device features accessible to apps.
For Mobile Carriers
• Leverage your ongoing relationship with mobile customers to educate them on mobile privacy and particularly on children’s privacy.