California Attorney General Fighting for Mobile Privacy Rights

UPDATE – In an attempt to reign in the tendency of indifference toward consumer privacy among mobile application developers, California Attorney General Kamala D. Harris today made public a list of guidelines regulating the ways in which mobile application developers and technology companies handle user data and educate users about what they intend on doing with that data.

CaliforniaUPDATE – In an attempt to reign in the tendency of indifference toward consumer privacy among mobile application developers, California Attorney General Kamala D. Harris today made public a list of guidelines regulating the ways in which mobile application developers and technology companies handle user data and educate users about what they intend on doing with that data.

Many of the recommendations in Harris’s report pertain to and will affect application developers, however, the attorney general met with Amazon, Apple, Google, Hewlett-Packard, Microsoft, Research In Motion, and Facebook, all of which are heavily invested in the mobile space. All allegedly agreed to “principles designed to improve privacy protections in the mobile environment and to bring the industry in line with California law.”

Harris tasked her state’s Privacy Enforcement and Protection Unit with preparing a report titled ‘Privacy on the Go: Recommendations for the Mobile Ecosystem‘ [pdf]. The report calls on developers to formulate lists of and review the personally identifiable information that their applications are collecting. From there, developers should avoid collecting any frivolous data that aren’t necessary for the apps to function.

Beyond that, “Privacy on the Go” urges that app-makers create privacy policies that are “clear, accurate, and conspicuously accessible to users and potential users” from the various application download platforms so that consumers know what they are getting themselves into before they install an application.

The report goes a step further than merely asking app-developers to be more straightforward with their privacy policies. It encourages the use of special notices that highlight unexpected uses of user data and even point users toward controls with which they can maniplate the ways apps collect and use their information. Harris also believes that that privacy policies should be an opportunity for developers to educate users about mobile privacy in general.

The use of out-of-app ads that are delivered by modifying user-device settings and interchangeable device-specific identifiers are discouraged in the report. Moving forward, the report advises that device makers and other platform shareholders should create global privacy settings that give users the power to control which device data and features are available to applications in the first place.

In publishing this report, Harris is making good on a promise she made in late October to improve mobile privacy in her state, which is, for what it’s worth, a technological vanguard, not only in the U.S., but around the world. Whether or not Harris’s policies will have any meaningful impact on tech industry that has shown more than a little apathy toward consumer data privacy remains to be seen.

We spoke with Parker Higgins of the Electronic Frontier Foundation via email. Higgins, an activist at the digital rights group, told us that they had read Harris’s guidelines and were generally happy with them as recomendations. He said that any document could be improved but noted that the report was a positive step from an official who has already demonstrated a concern for consumer privacy online.

“As the report says, the mobile app ecosystem is large but still immature, so these kinds of guidelines are extremely welcome,” Higgins explained in the email. “People are concerned about their privacy on these very personal devices, so app developers have a good incentive to pay attention to these suggestions.”

*California State House image via  jimbowen0306‘s Flickr photostream

Suggested articles

Discussion

  • Tony Phelps on

    Unless these are seen as essential requirements by the non-technical management that funds and manages the development of apps, they will never become standards within the app development community. 

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.