Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

FTC suggests privacy guidelines for mobile apps

Edward Wyatt | Feb. 4, 2013
The Federal Trade Commission on Friday said the mobile industry should include a do-not-track feature in software and apps and take other steps to safeguard personal information.

The trade commission and the Obama administration last year issued separate sets of recommendations for safeguarding consumers’ online privacy, and the subject has attracted growing concern in Congress.

But most of the focus to date, particularly with do-not-track policies, has been on internet browsers commonly used at home but not on mobile phones. Do-not-track features let users request that their footsteps not be followed as they move around online.

The commission and the administration have begun to focus on mobile data privacy partly because smartphones let so many entities gain access to personal information, including wireless service providers, mobile operating system developers, handset manufacturers, app companies, analytics outfits and advertisers — “a degree unprecedented in the desktop environment,” the report said.

path fined

 

The activities of Path, a company in San Francisco, illustrate some of the FTC’s concerns. The company developed a social networking app that allows people to keep an online journal about moments in their lives, including written entries, photos, music to which they are listening and their location. A user can share a journal with up to 150 people. The app has been installed more than 2.5 million times.

The FTC. asserted that Path, without alerting its users, had engaged in deceptive practices because it routinely collected and stored information about the contacts in users’ address books. The privacy policy that Path provided to consumers said it collected limited, mainly technical information about users’ devices.

In fact, the commission said, Path was collecting personal details including addresses, phone numbers, usernames for Facebook and Twitter, as well as dates of birth.

The company also collected some of that information from users who, in signing up for the service, indicated that they were under age 13 without permission of their parents or disclosure of how it would use the information — violations of rules adopted under the US Children’s Online Privacy Protection Act.

Path, without admitting or denying the accusations, agreed to pay an $US800,000 fine and to comply with the children’s privacy act, destroy already collected children’s information, follow its own stated privacy policy and have its privacy efforts monitored by an outside party.

In a statement posted on its Web site, Path said that “there was a period of time where our system was not automatically rejecting people who indicated that they were under 13.” But even before the FTC. contacted the company, Path said, “we discovered and fixed this sign-up process qualification and took further action by suspending any underage accounts that had mistakenly been allowed to be created.”

The FTC staff report, which was approved by a 4-to-0 vote, with one commission member not participating, recognised that steps were already being taken to adopt best practices for privacy protection. Among them is the creation of a group, Moms With Apps, which developed a badge icon to alert parents to the advertising and data-collection practices of apps aimed at children.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.