California Attorney General Kamala D. Harris (who last year announced “the creation of the Privacy Enforcement and Protection Unit in the Department of Justice which will focus on protecting consumer and individual privacy through civil prosecution of state and federal privacy laws”) has released proposed guidelines for protecting privacy in mobile apps. In “Privacy on the Go: Recommendations for the Mobile Ecosystem” (pdf), Harris writes:
The world has gone mobile. Today, 85 percent of American adults own a cell phone and over half of them use their phones to access the Internet. The mobile app marketplace is also booming with more than 1,600 new mobile apps being introduced every day. These apps allow us to do everything from streaming movies to hailing a cab to viewing our own X-ray and ultrasound images.
Along with the many wonderful capabilities these apps offer, we remain mindful that the mobile environment also poses uncharted privacy challenges, such as the difficulty of providing consumers with meaningful information about privacy choices on small screens and the many players who may have access to sensitive user information. These are challenges that we must confront and that we must resolve in a way that appropriately protects privacy while not unduly stifling innovation. As Attorney General, I am tasked with ensuring that this balance is maintained.
Last year, we took a first step in addressing these challenges with a Joint Statement of Principles that was adopted by the leading operators of mobile application platforms. […]
We are now offering this set of privacy practice recommendations to assist app developers, and others, in considering privacy early in the development process. We have arrived at these recommendations after consulting a broad spectrum of stakeholders: mobile carriers, device manufacturers, operating system developers, app developers, app platform providers, mobile ad networks, security and privacy professionals, technologists, academics, and privacy advocates.
Here are some highlights:
For App Developers
- Start with a data checklist to review the personally identifiable data your app could collect and use it to make decisions on your privacy practices.
- Avoid or limit collecting personally identifiable data not needed for your app’s basic functionality.
- Use enhanced measures – “special notices” or the combination of a short privacy statement and privacy controls – to draw users’ attention to data practices that may be unexpected and to enable them to make meaningful choices.
For Mobile Ad Networks
- Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
- Move away from the use of interchangeable device-specific identifiers and transition to app-specific or temporary device identifiers.
Read the full report for more.