Mobile App Developers: 5 Data Privacy Tips To Keep You Compliant

This month, the Federal Trade Commission (FTC) issued a series of guidelines for mobile app developers to help them avoid costly fines by complying with truth-in-advertising standards and privacy principles. Given the FTC's recent efforts to levy "5-digit" fines on mobile app developers who fail to obey data privacy laws, the guidelines highlight how important it is for app developers to be extra cautious about their use of online legal terms - particularly privacy policies, terms of service and end user license agreements.

In its guide, the FTC stressed the principles of "Accuracy", "Transparency" and "Clear and Conspicuous" as ways to keep app developers from violating costly privacy laws and regulatory requirements. In summary, here are the FTC's top 5 takeaways:

1) Speak the Truth

As the famous British writer Saki once wrote, "a little inaccuracy sometimes saves tons of explanation." In the FTC's eyes, once you offer your app to the public, you become an advertiser.

  • Rule number one: don't make any claims about your app that aren't credible and supported by evidence.
  • Rule number two: any such evidence and supporting information must be conspicuous.

Therefore, provide all information to users in a form that is easy to find and understand. The FTC's Business Center offers further guidance on how to make proper claims for certain types of apps.

2) Transparency and Accuracy

Privacy policies must not only be accurate in describing how the app collects and shares data, but users should be offered tools to control their privacy settings that are both easy-to-find and easy-to-use. It is a best practice to have a privacy policy that explains which types of information your app collects, how it is collected and how such data is shared. App developers frequently run afoul of privacy laws when their policies and legal terms provide inaccurate information about their data collection activities.

3) To Honor and Obey

The FTC has fined dozens of app developers who claimed to safeguard user data in a certain way but were not living up to their claims. Many other app developers have also been fined for making broad statements about their practices and failing to disclose the full extent of their data sharing activities. If you make statements about how user data will be collected and stored, you must live up to those statements. If you need to materially change your data collection practices in the future, the FTC suggests that you must also obtain your users' consent.

4) Ask Before Taking

If your app collects sensitive information from users - i.e., precise geolocation, financial, medical or private information - it's extremely important that you obtain their affirmative consent in advance. More importantly, if your app is targeted at children or is likely to collect information from children under the age of 13, there are very specific requirements (under the Children's Online Privacy Protection Act (COPPA) and the FTC's COPPA Rule) regarding data collection, storage and parental consent.

5) Lock it Down

The FTC offers 4 principles to follow regarding protection of users' sensitive data:

  1. only collect that which serves a legitimate business purpose;
  2. take reasonable precautions against well-known security risks;
  3. limit access on a need-to-know basis; and
  4. adequately destroy data if you no longer need it.

In the past, many mobile app developers (particularly start-up developers) have simply copied legal terms (i.e., privacy policies and terms of use) from other mobile app websites and incorporated them into their own app products or sites. As the recent FTC guidelines and enforcement actions clearly demonstrate, using copied legal terms (that aren't specifically tailored to an app or the company's data collection practices) can lead to sizable regulatory fines and legal fees.

If there is a takeaway from these FTC guidelines, it's that the devil is in the details when it comes to app privacy policies, end user licenses and terms of service. A reputable technology attorney will be able to easily understand the business model of a mobile app and efficiently provide a set of legal terms that keeps the app developer out of harm's way and gives them the flexibility they need to access and use important user information.