Under Code, Apps Would Disclose Collection of Data
Like food packages that display nutrition labels, some mobile apps could soon display information that allows consumers to decide at a glance whether the apps are good for them.
A variety of groups, including app developers and consumer advocates, have agreed to test a voluntary code of conduct that would require participating app developers to offer short-form notices about whether their apps collect certain personal details from users — including health and social networking data — or share user-specific data with entities like advertising networks or consumer data resellers.
The idea is to allow people to compare the data collection practices of, say, flashlight apps and choose one that does not ingest unrelated material like their photos or contact lists. The determination that the notices are ready for testing is the outcome of yearlong negotiations — convened by the National Telecommunications and Information Administration, a division of the United States Commerce Department — to increase mobile app transparency for consumers. Participants included app developers, digital marketing, civil liberties, consumer and privacy groups.
On Thursday, many participants in the process voted to support a version of the code drafted by a diverse coalition including the Application Developers Alliance, an industry association, and advocacy groups like the American Civil Liberties Union and the World Privacy Forum.
Although major mobile app developers like Apple and Google, which develops mobile apps for its Android platform, have not indicated whether they intend to sign on to the code of conduct, groups involved in drafting it say it is a significant advance in mobile privacy for consumers — and an unusual agreement among industry and consumer advocates.
“It’s a victory for common sense,” said Tim Sparapani, vice president for law, policy and government relations at the Application Developers Alliance, a group representing more than 100 companies and 20,000 individual developers.
But other participants in the negotiations said the notices would do little to give individual consumers more insight into or control over the vast piles of information about them that online entities collect and analyze. The notices would display only a limited list of data collection categories, they say, and would not allow consumers to opt out of data-mining or even see the records companies had amassed about them.
“A very modest slice of privacy was put forward,” for the groups to tackle, said Susan Grant, the director of consumer protection at the Consumer Federation of America, a research and advocacy organization representing about 300 consumer groups. “As time went on, that slice became more and more narrowed.”
She abstained from the vote Thursday on whether to support the code.
In the past, the app industry has been heavily criticized by some federal regulators and consumer advocates for collecting personal details from users without their knowledge or consent. A review last year by the Federal Trade Commission of 400 popular children’s apps available on Google and Apple platforms concluded that only 20 percent disclosed their data collection practices.
The code of conduct would require participating mobile app developers to show notices indicating whether their apps collected user-specific details in any of eight categories: biometrics, including fingerprints or facial recognition data; Web browsing history; logs of phone calls or texts made or received; contact list details like e-mail addresses or social network connections; financial information, like credit or banking data; health or medical data; precise location data; and stored text, video or photo files.
Signatories to the code would also have to list any of eight categories of entities with which their apps shared information; these include ad networks; mobile carriers; consumer data resellers; data analytics companies; government entities; operating systems; social networks; or other apps.
Companies that violated a promise to adhere to the code would be subject to enforcement action by the Federal Trade Commission. The code is the first step in a larger plan by the Obama administration to institute a wide-ranging consumer privacy bill of rights that would give consumers some rights to access, control and correct the personal details companies collected about them.
Last year, the White House issued a report proposing that Congress enact such a consumer privacy bill. The report said the bill would rely on codes of conduct, worked out in industry-advocacy group negotiations, to specify how different industries would adhere to those principles. The administration has yet to make public the proposed text for the legislation.
But some participants who helped develop the mobile app transparency notices said the modest gains that resulted for consumers indicated a need for stronger privacy legislation and regulation.
“If we want to move expeditiously through bigger issues, we are going to need some legislative action,” said Christopher Calabrese, legislative counsel for privacy issues at the Washington office of the A.C.L.U. Autor: Natasha Singer