'Clean up your act, or Congress may do it for you'
Protecting consumers' privacy on their mobile devices is a complicated business, and platform vendors, app developers, and advertising networks all have their part to play, according to new guidelines from the US Federal Trade Commission (FTC).
Today's consumers frequently use a single device to do everything from reading the news to sending messages, paying bills, ordering tickets, tracking their friends with geolocation services, connecting to social networking sites, and more. As the report explains:
The complexity of the ecosystem raises 21st century concerns: When people use their mobile devices, they are sharing information about their daily lives with a multitude of players. How many companies are privy to this information? How often do they access such content and how do they use it or share it? What do consumers understand about who is getting their information and how they are using it?
"Platforms such as Apple, Google, Amazon, Microsoft, and Blackberry are gatekeepers to the app marketplace and possess the greatest ability to effectuate change with respect to improving mobile privacy disclosures," the report states.
For example, the FTC recommends that platform vendors design the APIs that expose users' sensitive data so that they display just-in-time notifications to the user whenever an app tries to use them, and that they require the user's express consent before they actually grant access to the data.
The report further recommends that platform vendors provide their users with a one-stop privacy dashboard, where they can easily review all of the permissions that have been granted to all of the apps on their devices.
The commission expects app developers to take the initiative to provide similar kinds of alerts and controls themselves, and to publish clear privacy policies. But it places equal responsibility on platform vendors to police their app stores by conducting thorough reviews of the apps that are submitted, and rejecting those that fail to observe privacy best practices.
Where ad networks are concerned, the FTC would like to see them do a better job of coordinating with app developers to make sure they fully understand the privacy ramifications of their services, so that the developers can make full and correct disclosures to users.
But the commission isn't going to hold its breath on that score. In what is perhaps its boldest recommendation, the report calls upon all the major players to work together to develop a Do Not Track (DNT) mechanism for mobile devices, similar to the
systems already being implemented in desktop web browsers...
Again, the FTC report offers only guidelines, not rules. There is currently no law that forces any company to abide by any of the commission's recommendations and indeed, the report itself says that it is "not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC."