California Attorney General Kamala Harris has issued privacy guidelines for mobile apps. In a statement introducing the guidelines, Ms. Harris writes:
The mobile app industry is growing fast, but it is still in the early stages of development, with practitioners who are not all alert to privacy implications and how to address them. To help educate the industry and promote privacy best practices, the Attorney General’s Privacy Enforcement and Protection Unit has prepared Privacy on the Go: Recommendations for the Mobile Ecosystem. The recommendations, which in many places offer greater protection than afforded by existing law, are intended to encourage app developers and other players in the mobile sphere to consider privacy at the outset of the design process.
Recognizing that the legally required general privacy policy is not always the most effective way to get consumers’ attention, Privacy on the Go recommends a “surprise minimization” approach. This approach means supplementing the general privacy policy with enhanced measures to alert users and give them control over data practices that are not related to an app’s basic functionality or that involve sensitive information.
Highlights of Recommendations
For App Developers
• Start with a data checklist to review the personally indentifiable data your app could collect and use it to make decisions on your privacy practices.
• Avoid or limit collecting personally identifiable data not needed for your app’s basic functionality.
• Develop a privacy policy that is clear, accurate, and conspicuously accessible to users and potential users.
• Use enhanced measures – “special notices” or the combination of a short privacy statement and privacy controls – to draw users’ attention to data practices that may be unexpected and to enable them to make meaningful choices.For App Platform Providers
• Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app.
• Use the platform to educate users on mobile privacy.For Mobile Ad Networks
• Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
• Have a privacy policy and provide it to the app developers who will enable the delivery of targeted ads through your network.
• Move away from the use of interchangeable device-specific identifiers and transition to app-specific or temporary device identifiers.For Operating System Developers
• Develop global privacy settings that allow users to control the data and device features accessible to apps.For Mobile Carriers
• Leverage your ongoing relationship with mobile customers to educate them on mobile privacy and particularly on children’s privacy
You can access the full guidelines in Privacy on the Go here.