Post on 09-Oct-2020

THE MOBILE EVOLUTION

Web Mobile

Touch

Mobile App

Integrated

Mobile

Apps

BRAVE NEW WORLD OR BUSINESS AS USUAL?

Apps are increasingly integrated with other apps and incorporate dynamic features – e.g., phone, payment and geolocation

Rich layered data

+

Rich user experience

=

Complicated privacy issues

WHAT’S OLD IS NEW AGAIN

Disclosure

Choice

Consent

Security

MOBILE/SOCIAL APPS PRESENT NEW CHALLENGES

WHAT MAKES TODAY’S APPS DIFFERENT?

• Social

• Personalized

• Persistent

• Ubiquitous & Casual

• Instant & Viral

• Dynamic & Integrated

• Correlated

KEY QUESTIONS FOR WHOLE-APP EXPERIENCE

• What data is being collected?

• Who is collecting the data?

• Who owns the data?

• Who is responsible for security?

• Who needs to make disclosures?

• Which disclosures need to be made?

Answers usually implicate multiple parties . . .

SOCIAL APPS

Ubiquitous features

• Post – text, photos, spending, “bio-events”

• Tag – friends, location

• Share – every/anything

• Track – self or others by location, activity

Illustration only: Instagram

DEDICATED BANKING AND PAYMENT APPS

Sensitive Data Required

• Bank Account Information

• Credit Card Number

• SSN, TIN, etc.

• Personal demographic data

Illustration only: Google Wallet

RETAIL APPS

Used in retail strategy:

• QR codes

• Rewards

• Special in-store offers

• User-generated content

• Social networking/sharing

• Make purchases

Illustration only: Famous Footwear

HEALTH APPS

• Interact with Physicians

• Get test results

• Renew prescriptions

• Schedule appointments

• Request treatment

Illustration only: One Medical

NOT JUST MAPPING APPS . . .

• Myriad of “dating” and social real time apps identify users by photo, age, gender, location, etc.

• Active pinging?

• Builds on social profile (only social log-in)

Do users know what they are consenting to?

Illustration only: People Nearby

NOTICE & DISCLOSURES: WHAT TO COVER

BEHAVIORAL ADVERTISING

• Targeting

• Tracking

• Sharing information and working with third parties

Is any of this going on in your app?

SHARING AND POSTING ACROSS SITES/APPS

• 3rd party code?

• How, when, and what data is shared with third parties?

• Can you give users options?

Do you know the answers for your app?

Illustration only: Yelp

LOCATION DATA

• How often/when are you collecting it?

• How much data are you collecting?

• Is anyone else collecting it?

• What are you doing with it?

• How long are you keeping it?

Do you provide notice?

Do you ask for consent? (in the app)

Illustration only: Yelp

COMBINING AND DERIVING DATA – “BIG DATA”

• Are you combining multiple data sets in order to derive information in an unexpected manner?

• Are you using data in a way that would surprise the user?

• Are you using the data to deliver an unexpected result?

ACCESSING CONTENT

Does your app use or access “other” data?

• Contacts

• Photos/Video

• Purchases/Wishlists/Likes

• Geo-tags

Illustration only: Evite

INTERNET OF THINGS

Is your app “thingy”?

• GPS/WiFi/Bluetooth/Cellular

• Camera

• Microphone

• NFC

• Biometrics

Users may not be aware of collection . . .

Illustration only: Up by Jawbone

BEST PRACTICES

KNOW WHAT YOUR APP COLLECTS

• Log in information for integrated apps?

• Geolocation data?

• Payment information?

• Biometric data?

KNOW YOUR PLATFORM

• Apple iTunes Store

– iOS Developer Program License Agreement

– App Store Review Guidelines

• Android

– Android Market Developer Distribution Agreement

• Microsoft

– App Developer Agreement

• Facebook

– Facebook Platform Policies

PROVIDE NOTICE

• Have a Privacy Policy

– Even if you collect small amounts of data!

– Understand what you are collecting

– Understand how you are using data

• Make it conspicuous

Illustration only: Instagram

BE TRANSPARENT

• Be clear and specific

• Identify the boundaries of your data collection vs. that of third parties

– Tell users when you link their data to a specific device

• Do not exceed boundaries

• Consider asking permission before any unexpected use

SENSITIVE INFORMATION

• Consider providing an “Enhanced Notice”

• Children

• Financial Information

• Healthcare Information

• Protected Class

Illustration only: Uber

OFFER USERS CONTROL & CHOICE

• Individual Choice

– Collection

– Storage

– Transfer

• Opt-Out vs. Opt-In

• Controls over social/automatic sharing

Illustration only: Paypal

MAKE NOTICE AS ACCESSIBLE AS THE FUNCTIONALITY

• Make policy conspicuous and available prior to download

• Make the policy available from within the app and easily accessible

– E.g., offer to email or print from mobile devices

Illustration only: Uber

CHANGE MANAGEMENT

• If you change how your app collects data, revisit your policy, too.

• Be mindful of unexpected uses.

• Let users know when there has been a change to the privacy policy.

• Get opt-in for data collected under a different privacy policy.

THANK YOU

Laura Hamady, CIPP/US, Associate General Counsel, Regulatory & Chief Privacy Officer, Groupon, Inc.

Gregory P. Silberman, CISSP, Partner, Jones Day
