Updated 6:18 p.m. EDT, Wednesday, September 5
The U.S. Federal Trade Commission is concerned that amid the booming industry of mobile device applications, some app makers could be leaving consumers confused or in the dark when it comes to app privacy options, or worse, deliberately misleading customers.
So on Wednesday, the FTC released a new six-page set of guidelines for apps developers called “Marketing Your Mobile App,” which the agency says is designed to help them “comply with truth-in-advertising standards and basic privacy principles.”
In the document, the FTC threatens app makers with fines for violating existing privacy and truth-in-advertising laws: “Laws that apply to established businesses apply to you, too, and violations can be costly,” it reads.
The FTC goes on to note: “Of course, there’s no one-size-fits-all approach. Every app is different. Still, there are some general guidelines that all app developers should consider.”
The FTC proceeds to list nine specific provisions for what it wants app makers to begin doing, if they aren’t already. The provisions are broken up into “Privacy” and “Truthful Advertising” categories. They read as follows:
Truthful Advertising
1. Tell the truth about what your app can do.
2. Disclose key information clearly and conspicuously.
Privacy
3. Build privacy considerations in from the start.
4. Be transparent about your data practices.
5. Offer choices that are easy to find and easy to use.
6. Honor your privacy promises.
7. Protect kids’ privacy.
8. Collect sensitive information only with consent.
9. Keep user data secure.
The last two items are timely, given that on Monday, someone claiming to be affiliated with the hacker collective Anonymous published what appear to be authentic identifying numbers of one million Apple mobile devices, which the self-described hackers said came from a hacked FBI laptop.
Apple, the FBI and an app maker all denied that the numbers were leaked by their hands, though the FBI’s denial specifically said “we have no evidence” to believe that the agency was involved.
The FTC’s new guide book is timely for another reason: The Pew Research Center’s Pew Internet Project on Wednesday published the findings of a new study it undertook this past Spring of a group of 2,254 adults cell phone users it said represented 38 percent of the adult population.
Of the sample group, Pew said that “54 percent of app users have decided to not install a cell phone app when they discovered how much personal information they would need to share in order to use it,” and another 30 percent uninstalled apps they had downloaded before after becoming uneasy about the personal information said apps were collecting and sharing about the phone owners.
Clearly, American phone users are concerned about their privacy when using apps, as is the FTC. The question is: Will app makers get the message? And even if they do, what will they do about it?
CTIA, a lobbying organization that represents the nation’s large wireless carriers and other communications infrastructure companies, gave the following statement to TPM regarding the FTC’s new guidelines:
“CTIA supports the FTC’s ‘Marketing Your Mobile App’ Guidelines. These Guidelines are based on the FTC’s well-established Fair Information Practices, which have also been covered for several years in CTIA’s Wireless Consumer Code and Location Based Service Guidelines. Whether it’s around consumers’ privacy, including kids and COPPA to disclosing information clearly and conspicuously, CTIA has been and will continue to be strong advocates and supporters of these practices.”
A CTIA spokesperson also told TPM that CTIA and some of its members had been in touch with the FTC about mobile industry practices in general.
“The FTC has included CTIA and its members in its workshops and other activities involving mobile applications, and CTIA has shared the wireless industry’s consumer best practices with the FTC,” CTIA’s spokesperson said.
It’s also worth noting the FTC, which recently fined Google $22.5 million over breaching a privacy agreement in the largest ever single fine of its kind from the agency, has also recently been accused of lacking the tools and will to effectively penalize companies that infringe user privacy. For example, in the case of Google, the company paid the fine but did not admit to any violation. Still, the FTC adamantly denies that it is toothless.
Late update: An FTC spokesperson told TPM that the guidelines were drafted by the agency’s bureau of consumer protection and although the CTIA has been in contact with the agency generally, they did not have direct input onto these specific guidelines. The story has been updated to clarify this.
The FTC’s spokesperson also pointed out that the agency could levy a $16,000 fine for every violation of COPPA, or the Children’s Online Privacy Protection Act committed by any company or app-maker (the FTC also recently opened its proposed revisions for COPPA up to public comment), and larger fines for misbegotten gains from sales of deceptive apps.
“When we consider any app that’s part of an ecosystem, we look at all the players,” the spokesperson told TPM. “Just because you’re small or your entity is new doesn’t mean you’re not part of the same system and subject to the same legal standards as everyone else.”
