Mobile App Developers: 5 Data Privacy Tips To Keep You Compliant
This month, the Federal Trade Commission (FTC) issued a series of guidelines for mobile app developers to help them avoid costly fines by complying with truth-in-advertising standards and privacy principles. Given the FTC's recent efforts to levy "5-digit" fines on mobile app developers who fail to obey data privacy laws, the guidelines highlight how important it is for app developers to be extra cautious about their use of online legal terms - particularly privacy policies, terms of service and end user license agreements.
In its guide, the FTC stressed the principles of "Accuracy", "Transparency" and "Clear and Conspicuous" as ways to keep app developers from costly violations of privacy laws and regulatory requirements. In summary, here are the FTC's top 5 takeaways:
1) Speak the Truth
As the famous British writer Saki once wrote, "a little inaccuracy sometimes saves tons of explanation." In the FTC's eyes, once you offer your app to the public, you become an advertiser.
- Rule number one: don't make any claims about your app that aren't credible and supported by evidence.
- Rule number two: any such evidence and supporting information must be conspicuous.
Therefore, provide all information to users in a form that is easy to find and understand. The FTC's Business Center offers further guidance on how to make proper claims for certain types of apps.
2) Transparency and Accuracy
3) To Honor and Obey
The FTC has fined dozens of app developers who claimed to safeguard user data in a certain way but were not living up to their claims. Many other app developers have also been fined for making broad statements about their practices and failing to disclose the full extent of their data sharing activities. If you make statements about how user data will be collected and stored, you must live up to those statements. If you need to materially change your data collection practices in the future, the FTC suggests that you must also obtain your users' consent.
4) Ask Before Taking
If your app collects sensitive information from users - i.e., precise geolocation, financial, medical or private information - it's extremely important that you obtain their affirmative consent in advance. More importantly, if your app is targeted at children or is likely to collect information from children under the age of 13, there are very specific requirements (under the Children's Online Privacy Protection Act (COPPA) and the FTC's COPPA Rule) regarding data collection, storage and parental consent.
5) Lock it Down
The FTC offers 4 principles to follow regarding protection of users' sensitive data:
- only collect that which serves a legitimate business purpose;
- take reasonable precautions against well-known security risks;
- limit access on a need-to-know basis; and
- adequately destroy data if you no longer need it.
If there is a takeaway from these FTC guidelines, it's that the devil is in the details when it comes to app privacy policies, end user licenses and terms of service. A reputable technology attorney will be able to easily understand the business model of a mobile app and efficiently provide a set of legal terms that keeps the app developer out of harm's way and gives them the flexibility they need to access and use important user information.