Over the last few years, the Federal Trade Commission (FTC) has kept a close eye on the emerging mobile app industry – and it doesn’t always like what it sees. Recently the FTC settled with Path, a social networking site that allows users to create a virtual diary. According to the FTC press release, “The settlement requires Path, Inc. to establish a comprehensive privacy program and to obtain independent privacy assessments every other year for the next 20 years. The company also will pay $800,000 to settle charges that it illegally collected personal information from children without their parents’ consent.”
That’s a lot more attention from the FTC (and the world) than most application development companies want!
Thankfully, the FTC just issued (non-mandatory) guidelines for application developers to help them stay on the good side of federal regulators. Much of the guidance is just good business practice for keeping customer trust and loyalty. But they also repeatedly mention the concept of “just in time” disclosures, which require integration of opt-in language during the setup and operation of the software. The FTC specifically asks that app developers:
- Provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information (to the extent the platforms have not already provided such disclosures and obtained such consent);
- Improve coordination and communication with ad networks and other third parties, such as analytics companies, that provide services for apps so the app developers can provide accurate disclosures to consumers. For example, app developers often integrate third-party code to facilitate advertising or analytics within an app with little understanding of what information the third party is collecting and how it is being used. App developers need to better understand the software they are using through improved coordination and communication with ad networks and other third parties.
- Consider participating in self-regulatory programs, trade associations, and industry organizations, which can provide guidance on how to make uniform, short-form privacy disclosures.