The Federal Trade Commission has released a major report on
privacy in which it makes a number of recommendations to the industry. Those follow in the wake of an $800,000 civil penalty against the maker of a social networking mobile app that illegally collected children's personal
without parental consent.
The report recommends improvements to companies with mobile platforms, and to app developers and their trade organizations, ad networks and analytics companies. Many of the recommendations relate to timely disclosure to users of what is collected and how it is used.
"These best practices will help to safeguard consumer privacy and build trust in the mobile marketplace," FTC Chairman Jon Leibowitz said in a statement. The report is based on the agency's experience with mobile issues and on information obtained in a FTC workshop held in May 2012, which was attended by representatives from the mobile industry, trade associations, academia and consumer privacy groups.
Recommendations for Platforms, Developers
The FTC said that 57 percent of all app users have uninstalled an app because of privacy concerns, or declined to install one. Fewer than a third of American mobile users said they were in control of the personal data on their mobile devices.
The recommendations for mobile platforms include providing just-in-time disclosures to users about making geolocation and other sensitive information available to apps, and only doing so after user consent. The agency suggests that companies "consider developing" a single dashboard for users to review the personal data obtained by their mobile apps.
A key recommendation is that companies consider offering a Do Not Track mechanism for smartphone users, so that users could choose to opt out of having their path through apps or the Web reported to ad networks or other third parties.
Similarly, the report makes recommendations for ad networks to communicate with app developers about what data they collect, and to work with platforms to implement Do Not Track.
'Mostly Slaps on Wrist'
Brad Shimmin, an analyst with industry firm Current Analysis, said that the FTC "historically has done mostly slaps on the wrist" for privacy violations. He noted that, for many Net-related companies, even a penalty sized at $800,000 is simply the cost of doing business. But, he added, the FTC report could help to raise awareness by consumers, businesses and the industry.
The $800,000 penalty was announced last week. It had been imposed by the FTC on Path, maker of a social networking app which allows users to keep journals and share them.
The FTC said that Path automatically obtained and used personal data from a mobile user's address book without the user's knowledge, and in fact misled users about what it was actually collecting. It also violated the U.S. Children's Online Privacy Protection Act by collecting personal data from an estimated 3,000 children under 13 without their parents' consent.