1. FTC to Mobile App Developers: Don’t Lie About User Privacy

    image

    “…Path automatically collected and stored personal information from the user’s mobile device address book. This practice, we believe, was deceptive and violated the FTC Act. We also believe that Path collected information from children under 13 without obtaining parental consent, in violation of the Children’s Online Privacy Protection Act. 

    Path agreed to pay an $800,000 civil penalty.” (Outgoing FTC Chair Jon Leibowitz

    On February 1, the Federal Trade Commission sent an important signal to mobile app developers everywhere: consumer privacy is paramount to your future. 

    Don’t believe it? Just ask Path, the social networking app hit with an $800,000 fine and 20 years of probation for unlawfully collecting user information and violating the Children’s Online Privacy Protection Act (COPPA). 

    Five early takeaways from the FTC-Path story, for app developers:

    1. Tell the truth about data collection:

    “The settlement prohibits Path from making misrepresentations about its data collection practices. In an injunctive provision that requires Path to clearly and conspicuously disclose its data collection from mobile devices, the FTC states that categories of information accessed or collected from a user’s mobile device must be disclosed separate from any ‘privacy policy,’ ‘terms of use,’ ‘blog,’ ‘statement of values,’ or similar document… [It] is clear is that burying the disclosure in a privacy policy, even in a short form in-app policy, will not pass muster.” (Reed Smith

    2. Violating consumer privacy carries a significant cost:

    “For a relatively new startup like Path, the $800,000 fine is a significant deterrent measure and signals the FTC’s serious commitment to consumer, especially child consumer, privacy… Accordingly, mobile developers should look to this settlement, and the underlying charges, as a touchstone going forward.” (Sheppard Mullin

    3. Federal regulators are just getting started:

    “The FTC settlement is a lesson for both start-ups and established companies as the FTC is getting increasingly aggressive in addressing privacy breaches.   As illustrated by the outgoing FTC Commissioner’s comment on the Path settlement:  ‘… This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.’” (Cohen & Gresser

    4. The FTC isn’t the only one to worry about: 

    “The Path settlement illustrates the serious consequences for app developers and others when it comes to privacy-related statements and practices… The bottom line is that consumer privacy issues remain at the forefront for regulators, raise the potential for private class action litigation, and appear likely to garner increased legislative attention.” (Wilson Sonsini

    5. The terms of Path’s settlement may well become rules for all:

    “Even though this … is ostensibly limited to Path, the Order sets a potential precedent for the regulation of the collection and usage of data in ‘non-obvious’ or secondary situations. The FTC has emphasized the importance of heightened notice and express consent for these types of data collection, and in the just-released Mobile Privacy Disclosures Report, the FTC recommends that apps provide ‘just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information.’ Here, however, the FTC has made it a legal requirement that Path do the same. Express consent under these circumstances would be a new requirement, and this case sets the FTC on that ‘path.’” (Morrison & Foerster

    —- 

    The updates:

    —- 

    See also:

    —- 

    Read additional legal commentary and analysis on the Path settlement»

Notes

  1. omalleyprivacy reblogged this from is-that-jdsupra and added:
    Excellent summary of FTC mobile guidelines.
  2. is-that-jdsupra posted this