The Federal Trade Commission (FTC) released a Staff Report on February 1, 2013, entitled " Mobile Privacy Disclosures: Building Trust Through Transparency." The FTC Staff Report follows on the heels of earlier recommendations by the California Attorney General (AG), released in January, in a report entitled " Privacy on the Go: Recommendations for the Mobile Ecosystem."

The FTC Staff Report is particularly notable for articulating a gatekeeper function for platform providers in the mobile app ecosystem. The Staff Report and the California AG Recommendations recognize that there are distinct players in the mobile app market – platforms that provide the operating system and marketplaces; developers of the apps; and advertising networks. Each of the FTC Staff Report and the California AG Recommendations target these different players with recommendations.

However, it appears that FTC Staff see the platform providers as particularly amenable to regulation because they are the focal point for the interface between users and app developers.

"[...] platforms such as Apple, Google, Amazon, Microsoft, and Blackberry are gatekeepers to the app marketplace and possess the greatest ability to effectuate change with respect to improving privacy disclosures." (FTC Staff Report, p. 14)

FTC Staff asserted that the platforms "use the plethora of apps offered on their devices as a significant marketing tool" (p. 14). The inference appears to be that the platforms have fair trading obligations to ensure that the apps they distribute meet privacy standards.

As gatekeepers, FTC Staff want platform providers to:

  • Require developers to make privacy disclosures;
  • Enforce privacy disclosure standards;
  • Educate developers on privacy issues;
  • Be responsible for providing "just-in-time" disclosure for the collection of geolocation data and other sensitive data;
  • Be responsible for obtaining consent for the collection of geolocation data and other sensitive data;
  • Develop a "dashboard" to allow consumers to review what types of content is being accessed by Apps on their devices;
  • Develop icons to notify the user of the transmission of user data;
  • Establish a do-not-track (DNT) option at the platform level to allow consumers to make a one-time choice; and
  • Provide consumers with disclosure regarding the extent of review that the platform undertakes prior to making the app available as well as any compliance checks or reviews after the app is made available on the platform's market store.

The approach to platform providers as a potential gatekeeper and enforcer is different from that California AG's report, which focused on the educational role that platform providers could play.

Other highlights from the FTC Staff Report and the earlier California AG Recommendations are:

  • DNT or bust? FTC Staff continue to call on the industry to develop a "DNT mechanism that would prevent an entity from developing profiles about mobile users" (FTC, p. 21). The DNT mechanism must be (i) universal, (ii) easy to find and use, (iii) persistent, (iv) effective and enforceable, and (v) apply to more than just advertisements (FTC, p. 21).
  • "Just-in-Time" and "Surprise Minimization". The FTC Staff Report emphasizes "just-in-time" or contextual disclosure and obtaining express affirmative consent at the point in which it is going to matter to consumers – that is, just prior to collection (FTC, p. 15). The California AG's basic approach is to "minimize surprises to users". The emphasis is on clearer, shorter notices. Organizations should not rely on privacy policies alone but also supplement those notices with alerts delivered "in context and just in time" (AG, p. 5).
  • Icons – but which ones? Privacy icons are the future; however, FTC Staff want to see consumer testing to ensure efficacy (FTC, p. 16).
  • Privacy by Design. The California AG continues to emphasize privacy as the default and the limiting of collection, use and retention to what is necessary to complete the function for which the data was required (AG, p. 9).

For more information, visit our Data Governance Law blog at www.datagovernancelaw.com

About Fraser Milner Casgrain LLP (FMC)

FMC is one of Canada's leading business and litigation law firms with more than 500 lawyers in six full-service offices located in the country's key business centres. We focus on providing outstanding service and value to our clients, and we strive to excel as a workplace of choice for our people. Regardless of where you choose to do business in Canada, our strong team of professionals possess knowledge and expertise on regional, national and cross-border matters. FMC's well-earned reputation for consistently delivering the highest quality legal services and counsel to our clients is complemented by an ongoing commitment to diversity and inclusion to broaden our insight and perspective on our clients' needs. Visit: www.fmc-law.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.