Mobile Guidelines

FTC releases privacy policy for mobile devices

Monday, February 4, 2013

The US FTC has issued a non-binding set of guidelines (here) for mobile privacy. That means they aren't policing them "yet" but based on these recommendations you might want to start being more pro-active with your app privacy policies.

Mobile computing is growing so fast that the FTC is afraid US consumers might become the victims of overlooked policies, and unknowingly send private information across unsecured lines. These new set of guidelines aim to steer mobile developers into a path of compliancy - and it mostly starts with a good privacy policy that is easily accessible to users of your app.

This report differs from some other recent recommendations in that is takes aim directly at mobile app stores (Apple, Amazon, Google, Blackberry), giving recommendations that involve making sure that consumers get timely, easy-to-understand disclosures about what data they collect and how the data is used. By targeting the stores they can inadvertently enforce their rules because the last thing any of them want is to dance on the edge of non-accepatance in the US markets.

In short mobile developers, create a privacy policy for your app that informs anyone using it of exactly what information you are getting from their device, and how you are using it. This includes what ad networks you are using, and how they are also using information from the app. The most common items currently being accessed are:

UUID or Device ID

GPS location

IP Address

Browser Type

OS Version

Screen Size

MAC Address

Contacts

Facebook Friends

Phone Number

There are many others but those are the most common - some are more geared towards Android because the platform is more open.

Here is a basic template you can use to get started building your privacy policy:

Privacy Policy

Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information. The following outlines our privacy policy.

Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.
We will only retain personal information as long as necessary for the fulfillment of those purposes.
We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
We will make readily available to customers information about our policies and practices relating to the management of personal information.
We may or may not use any of the following for advertising purposes or app usage purposes only, UUID or Device ID, GPS location, IP Address, Browser Type, OS Version, Screen Size, MAC Address, Contacts, Facebook Friends, and Phone Number.

We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.