With many mobile devices collecting and storing more personal data, a new set of government proposals is aimed at making clearer the amount and type of information mobile apps are able to collect from both users and devices. The new proposals lay out a “voluntary Code of Conduct for mobile application short notices,” and it was developed over the course of a year by a group of stakeholders in a task force convened by the United States Department of Commerce and the National Telecommunications and Information Administration. The group’s aim was to develop guidelines for the “short notice” informing users prior to a download what data an app collects as well as what it does with the data.
The guidelines call for app developers and publishers to detail whether they are collecting biometric, browser history, phone or text log, or contact data, as well as financial information, location information, user files, and biometric information. The last category is seen by some as increasingly important due to the fact that a number of companies seem to be developing wearable mobile devices. Apple in particular is thought to be working on a smart watch device, dubbed the iWatch that would likely regularly log user’s biometric data for interaction with apps.
The proposal rules are calling for publishers and developers to state in their short form notices whether the collected data is shared in a user-specific fashion with ad networks, carriers, consumer data resellers, data analytics providers, government entities, operating systems and platforms, other apps, or with social networks. They don’t require a notice, although if a contract between the app and a third party explicitly limits the use of the data or prohibits sharing. The guidelines also provide exceptions to the above rules, advice on designing the short form notices, and rules on linking to longer, fuller explanation of policies.
The Assistant Secretary of Commerce for Communications and Information Lawrence E. Strickling released a statement saying that the NTIA was pleased that “a diverse group of stakeholders reached a seminal milestone in the efforts to enhance consumer privacy on mobile devices.” The American Civil Liberties Union has also come out in support of the document, calling it a “modest but important step forward.”
For many years now, the collection, retention, and transmission of user data have been points of concern among not only consumer activists, but also lawmakers and regulators. In 20133, a federal grand jury began investigating Android and iOS over their use of user data. Government regulators have also repeatedly asked both Apple and Google to more tightly police user privacy on their respective platforms.
We’ll have to wait and see how news of the proposal pans out.