FTC Releases New Privacy Recommendations for the Mobile Industry

Wednesday, February 6, 2013 by Kaitlin Powers
The Federal Trade Commission (FTC), on February 1st, released a new report offering recommendations for the mobile industry to achieve enhanced privacy for users. Although the report merely contains guidelines and is not binding, the move signals an increased focus by the FTC on the online privacy of mobile internet users. The FTC adopted these guidelines because of the rapidly increasing use of mobile devices and the accompanying increase in data collection from such devices. Additionally, the FTC noted that, currently, such data collection by mobile applications is largely free from regulation. The FTC also emphasized that data collected from mobile devices can provide key personal information, as mobile devices are most commonly utilized by a single user and are almost constantly carried by users. The new guidelines for the mobile industry come on the heels of 2012 revisions to the FTC’s internet privacy framework and to the Children’s Online Privacy Protection Act (COPPA). Together, these new policies and recommendations demonstrate that the FTC has prioritized online privacy.
The FTC’s investigation into mobile privacy indicated that a substantial majority of Americans do not feel they are in control of their personal information on mobile platforms and applications and have elected not to install or to uninstall an application based upon privacy concerns. FTC chairman Jon Leibowitz advised that those in the mobile industry who decided to follow the FTC recommendations could expect to “build trust in the mobile marketplace, ensuring that the market can continue to thrive.”
The guidelines are largely perceived to be directed at many of the smaller mobile application creators whose deceptive practices might otherwise slip through the cracks. However, the recommendations will also affect large companies such as Amazon and Google. FTC officials asserted that the mobile industry should take these recommendations as notice that the FTC will increasingly monitor industry practices.
The guidelines center on encouraging the mobile industry to create “do not track” (DNT) mechanisms so that consumers can better monitor their own privacy by limiting the visibility of personal content to advertisers and other third parties. Many web browsing services for computers already offer DNT features, but such DNT capabilities are relatively uncommon for mobile devices.

The FTC, on February 1st, released a new report offering recommendations for the mobile industry to achieve enhanced privacy for users. Although the report merely contains guidelines and is not binding, the move signals an increased focus by the FTC on the online privacy of mobile internet users.

The report also encourages mobile platforms and applications to be transparent about which data they collect and how they will use this data. To accomplish this, the FTC suggested that mobile applications should request users’ permission immediately before gathering data about their location. The recommendations also direct the mobile industry to consider asking for an affirmative grant of permission before accessing other content such as photos, videos, calendar entries, and contacts. The guidelines further suggest that mobile platforms should develop icons to represent the type of information being shared and a dashboard where users can see and control which information has been collected. The FTC further recommends that mobile application developers improve their communication chains with third parties so they understand which information is being shared. The recommendations additionally advise trade associations to take a greater role in promoting the use of privacy disclosures and standardized privacy policies. The FTC has also created a business guide to assist web developers in implementing better privacy controls.
Most commentators responded positively to the recommendations; however, some feel that the government has been too slow to develop regulations for privacy on mobile devices, given their common use. Additionally, commentators expressed disappointment that the recommendations are not binding.