Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade Commission

Download Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade Commission

Post on 18-Dec-2014

152 views

Category:

Technology

0 download

DESCRIPTION

Mobile Apps for Kids: Current Privacy Disclosures are Dis app ointing This session will lay out the key findings of the FTCs staff report on kids apps, which recommends that players in the kids mobile app ecosystem provide better information to parents about apps data collection practices. We will also discuss the FTCs recent privacy initiatives and their application to mobile channels. Patricia Poss, Chief, BCP Mobile Technology Unit, Division of Financial Practices. Bureau of Consumer Protection - Federal Trade Commission

TRANSCRIPT

  • 1. Patricia PossFederal Trade Commission The views expressed are those of the speaker and not necessarily those of the FTC or any other person. 1
  • 2. Mobile Technology Unit Law enforcement actions Policy initiatives 2
  • 3. Dedicated staff Technologist assistance Testing capabilities 3
  • 4. Section 5 of the Federal Trade Commission Act broadly prohibits unfair or deceptive acts or practices in or affecting commerce. Deception a material representation or omission that is likely to mislead consumers acting reasonably under the circumstances Unfairness practices that cause or are likely to cause substantial injury to consumers that are not outweighed by countervailing benefits to consumers or competition and are not reasonably avoidable by consumers. Flexible law that can be applied to many different situations, entities, and technologies. 4
  • 5. W3 Innovations Frostwire Google Facebook Mobile background screeners - warning letters 5
  • 6. Complex ecosystem Operating system providers Application developers Handset manufacturers Carriers Ad networks Service providers 6
  • 7. Screen size Communication channels: texting, mobile web browser, mobile apps On the go nature of use Personal Additional hardware capabilities camera, microphone, gyroscope, compass, etc. GPS & location features Easy sharing of user information Rapidly evolving technology 7
  • 8. Who collects what information? How is it used? With whom is it shared? Are consumers being adequately informed? Do they have a choice? 8
  • 9. Issued Final Report, March 2012. Applies to Mobile environment. Key elements: Privacy by Design, Simplified Choice, and Greater Transparency. 9
  • 10. Collection and use of data is ubiquitous and often invisible. Consumers lack an understanding of the nature and extent of this collection. Many consumers are concerned. Collection and use has led to significant benefits. Traditional distinctions between personally identifiable and anonymous data are blurred. 10
  • 11. Make privacy the default setting for commercial data practices. Give consumers greater control through simplified choices and increased transparency. Implementing will enhance trust and stimulate commerce. 11
  • 12. Intended to articulate best practices for companies. Intended to assist Congress as it considers privacy legislation. Not intended to serve as a template for law enforcement action or regulations. 12
  • 13. Bake-in privacy -- Companies should promote consumer privacy throughout their organizations. Companies should incorporate substantial privacy protections into their practices, such as data security, reasonable collection limits, sound retention and disposal, and data accuracy. 13
  • 14. Limit collection to data they need for a requested service or transaction. Ex. Wallpaper app doesnt need location. Location data collection heightens need for reasonable policies for purging data. Minimize the risk that information could be used in harmful or unexpected ways. Calls on mobile entities to establish standards that address data collection, transfer, use and disposal, particularly for location data. 14
  • 15. If data is shared with third parties, work to provide more prominent notice and choices about such practices. Not all companies have adequately disclosed the frequency or extent of the collection, transfer, and use of data. 15
  • 16. Provide easy-to-use choice mechanisms that allow consumers to control whether their data is collected and how it is used. Companies do not need to provide choice for practices that are consistent with the context. Fraud preventions, internal operations, fulfillment, legal compliances and public purpose, and first-party marketing. For practices requiring choice, companies should offer the choice at a time and in a context in which the consumer is making a decision about his or her data. Companies should obtain affirmative express consent before: 1) using consumer data in a materially different manner than claimed or 2) collecting sensitive data. 16
  • 17. Increase the transparency of data practices. Privacy notices should be clearer, shorter, and more standardized to enable comprehension and comparison. Calls on mobile participants to develop short meaningful disclosures. Urges companies providing mobile services to develop standard notices, icons, and other means to communicate with consumers in a consistent and clear way. Dot Com Disclosure Workshop May 30, 2012. 17
  • 18. 18
  • 19. Reviewed kids apps in Apples iTunes App Store and Googles Market. Looked for disclosures available in the app stores or on developers websites. Very little information disclosed prior to download. Recommendation app stores, developers and other ecosystem participants need to improve disclosures regarding data practices. 19
  • 20. 20
  • 21. 21

Recommended

View more >