On February 1, the FTC released a 36-page staff report entitled “Mobile Privacy Disclosures: Building Trust Through Transparency.” The report followed a one-day FTC public workshop held last May to discuss mobile privacy issues. The staff report makes several policy recommendations. Many of these recommendations are consistent with the Commission’s policy regarding online privacy generally, such as offering a Do Not Track (DNT) mechanism for smartphone users. Other recommendations are more tailored to the mobile ecosystem. For example, the report discusses the privacy challenges of geolocation technology, as well as small screen privacy notices.
The report identifies platforms such as Apple and Google as well as smartphone app developers as the major players in mobile privacy, and directs many of its key recommendations toward them. Platforms are encouraged to use their gatekeeper role between the consumer and an app developer to “provide just-in-time disclosures to consumers and obtain affirmative express consent before allowing apps to access sensitive content like geolocation.” Another recommendation calls for platforms to consider a “privacy dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded. App developers are encouraged to adopt privacy policies that are easily accessible through the relevant platform’s app store.
In prepared remarks, FTC Chairman Leibowitz described the report as a useful input into an ongoing effort to address the privacy issues raised by the mobile revolution. In this context, he applauded the ongoing efforts of some platforms and app developer trade associations to self-regulate, and also referenced the Department of Commerce led multi-stakeholder process “to develop a code of conduct on mobile transparency.”
Reps. Barton and Markey – who co-chair the bi-partisan House Privacy Caucus – welcomed the FTC report in a joint release. The release states “[t]he FTC is correct to point out that more must be done to protect the privacy of mobile device users.” Rep. Markey introduced the Mobile Device Privacy Act in the last Congress.
The Association for Competitive Technology (ACT), which represents smaller app developers, also welcomed the FTC report – with two wrinkles. According to the ACT, the FTC recommendation that platforms take on a gatekeeper role for app privacy “could actually backfire” since “stores may opt to do less or no privacy scanning of apps if they perceive a liability risk created by this report.” “Additionally,” according to the ACT, “the report relies on a technology snapshot and may not represent where the industry appears to be headed: offering better consumer controls and data isolation.”