FTC on mobile privacy: Now offering ‘guidance-plus’

By Anne Collier

The overall message from the Federal Trade Commission to mobile app developers has moved from guidance to what I’d call guidance+. The guidance appears to be growing teeth. The commission, which enforces COPPA (the Children’s Online Privacy Protection Act), reached a settlement with Path, a social network site and mobile app that agreed to pay an $800,000 penalty in response to the FTC’s charges that its privacy policy deceived users, improperly collected contact information in their phone address books, and collected personal information from kids under 13 without their parents’ consent (the COPPA part of the charges). “Path, without admitting or denying the accusations, agreed to … comply with the children’s privacy act, destroy already collected children’s information, follow its own stated privacy policy and have its privacy efforts monitored by an outside party,” the New York Times reported. In fact, in its notices of the settlement, the FTC says Path “has already deleted the address book information that it collected during the time period its deceptive practices were in place.”

The Commission has also published two documents about mobile privacy and security: a business guide for app developers, “Mobile App Developers: Start with Security,” to make it easier for them to bake privacy into their products before they hit the Apple and Google app stores, and a staff report for phone makers, platforms, app developers, advertising networkers and app trade associations: “Mobile Privacy Disclosures: Building Trust Through Transparency.” According to the Times, “the staff report, which was approved by the commission, is not binding, but it is an indication of how seriously the agency is focused on mobile privacy.”

We can thank the FTC for its growing scrutiny of privacy practices on the mobile platform at a time when 1) businesses need to figure out how to bake them into products and services and 2) users of all ages, not just children, haven’t yet figured out their key and growing role in privacy protection in today’s user-driven media environment. But I don’t feel there’s enough understanding either at the FTC or out in society that it’s probably as risky to believe anyone’s digital privacy – adults or children’s – can be ensured by government regulation as it would be if we were dependent solely on industry and user self-regulation (see this by my ConnectSafely co-director Larry Magid).

The protection of people’s privacy and safety is increasingly distributed. Children’s privacy online and on phones cannot be ensured by COPPA (see this). In fact, COPPA has some unintended consequences that could at least reduce enriching options for children online and even put children at greater risk: creating a reason for kids to lie about their age (see this), giving kids cause to migrate to noncompliant sites that have fewer constraints, and creating a chilling effect on creative young companies and reducing opportunities for children online by increasing the cost of doing business in the children’s space (see this).

Related links

* “What the Net privacy big picture has to do with parenting”
* “Staying private on the new Facebook” at NYTimes.com (not sure it’s all that new, but this is level-headed guidance on the latest improvements to FB privacy in the runup to the January launch of Graph Search, which is slowly rolling out worldwide)
* For more on “COPPA 2.0,” see this.

Leave a comment