Mobile device makers urged to get tough on customer privacy
Online companies may face action by Congress to toughen US privacy standards if they don't do a better job of protecting the privacy of mobile device users, according to Federal Trade Commission Chairman Jon Leibowitz .
If some companies "don't wake up and do the right thing, my sense is that (the) industry is far more likely to face much more prescriptive laws down the road", Leibowitz, the outgoing FTC head, said during a conference call with reporters. "I don't think that's going to be very far down the road because privacy is the quintessential bipartisan issue in Congress."
The FTC this month released a set of mobile-privacy recommendations for application stores, such as those run by Apple Inc and Google Inc, app developers and online advertising networks. FTC staff "strongly encourages" companies to adopt the non-binding guidelines, the agency said in a news release.
The growing popularity of mobile devices and apps that can, for example, track a user's location and habits has prompted hearings and proposals by the United States lawmakers for privacy legislation. Mobile application store revenue is expected to reach $74 billion in 2016, from $15 billion last year, according to technology research firm Gartner Inc.
'Massive' data
The FTC report is a reminder to industry that the agency is "on the case", said Jeffrey Chester, executive director of the Center for Digital Democracy, a Washington-based privacy group. At the same time, Chester said the report fell short by focusing on how companies disclose their data practices without looking at the broader issue of how they collect information from users.
"Consumers aren't aware of the massive amounts of data scooped out of the mobile device that are used, analyzed and sold to the highest bidder," Chester said.
The FTC also announced a settlement earlier this month with Path Inc, the developer of a mobile social-networking application, over complaints that it deceived consumers by collecting personal information from mobile address books.
As part of the settlement, Path will develop a comprehensive privacy program and submit to independent privacy assessments over the next 20 years, according to the FTC. The company will also pay $800,000 to settle charges that it illegally collected data from about 3,000 children without getting their parents' consent. Path said in a blog post that it has since closed those accounts.
The FTC mobile-privacy report contains guidelines for mobile "platforms" such as Apple and Google, recommending that they develop a dashboard for users to see the type of content accessed by apps they have downloaded, tell users to what extent they review apps before making them available and offer a "do not track" mechanism to let consumers prevent tracking by ad networks and other third parties.
Apple spokesman Tom Neumayr declined to comment. Niki Fenwick, a spokeswoman for Google, didn't immediately respond to an e-mail seeking comment.
The report says app developers should immediately get customers' consent before accessing and sharing sensitive information and do a better job of understanding how they integrate with ad networks to provide better disclosure to users about information that's being collected.
California effort
"The Commission's recommendation to make privacy policies a requirement for apps is a sensible step and one that ACT has been advocating to its members for some time," Morgan Reed, executive director of the Association for Competitive Technology, a group representing 5,000 app developers and technology firms, said in an e-mail message.
California Attorney General Kamala Harris has taken a prominent role in mobile-privacy efforts, warning companies to adhere to a state law requiring apps to have a privacy policy. Harris announced last February that Apple, Google and other mobile platforms signed an agreement to encourage compliance with the law.
Separate from the FTC, the US Commerce Department is holding a series of meetings involving companies and consumer advocates to hammer out a voluntary code of conduct for informing users about the kinds of personal data their mobile applications collect and how the information is used.