5 Data Privacy Tips for Mobile App Developers

This month, the Federal Trade Commission (FTC) issued a series of guidelines for mobile app developers to help them avoid costly fines by complying with truth-in-advertising standards and privacy principles. Given the FTC’s recent efforts to levy “5-digit” fines on mobile app developers who fail to obey data privacy laws, the guidelines highlight how important it is for app developers to be extra cautious about their use of online legal terms – particularly privacy policies, terms of service, and end user license agreements.

In its guide, the FTC stressed the principles of “Accuracy,” “Transparency,” and “Clear and Conspicuous” as ways to keep app developers from violating costly privacy laws and regulatory requirements. In summary, here are the FTC’s top 5 takeaways:

1) Speak the Truth

As the famous British writer Saki once wrote, “a little inaccuracy sometimes saves tons of explanation.” In the FTC’s eyes, once you offer your app to the public, you become an advertiser.

  • Rule number one: Don’t make any claims about your app that aren’t credible and supported by evidence.
  • Rule number two: Any such evidence and supporting information must be conspicuous.

Therefore, provide users with information that is easy to find and understand. The FTC’s Business Center offers further guidance on how to make proper claims for certain types of apps.

2) Transparency and Accuracy

Privacy policies must accurately describe how the app collects and shares data, and users should be offered tools to control their privacy settings that are both easy to find and easy to use. It is a best practice to have a privacy policy that explains which types of information your app collects, how that information is collected, and how it is shared. App developers frequently run afoul of privacy laws when their policies and legal terms provide inaccurate information about their data collection activities.

3) To Honor and Obey

The FTC has fined dozens of app developers who claimed to safeguard user data in a certain way but were not living up to their claims. Many other app developers have also been fined for making broad statements about their practices and failing to disclose the full extent of their data sharing activities. If you make statements about how user data will be collected and stored, you must live up to those statements. If you need to materially change your data collection practices in the future, the FTC suggests that you must also obtain your users’ consent.

4) Ask Before Taking

If your app collects sensitive information from users – i.e., precise geolocation, financial, medical, or private information – it’s extremely important that you obtain their affirmative consent in advance. More importantly, if your app is targeted at children or is likely to collect information from children under the age of 13, there are very specific requirements (under the Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA Rule) regarding data collection, storage, and parental consent.

5) Lock It Down

The FTC offers 4 principles to follow regarding the protection of users’ sensitive data:

  1. Only collect that which serves a legitimate business purpose.
  2. Take reasonable precautions against well-known security risks.
  3. Limit access on a need-to-know basis.
  4. Adequately destroy data if you no longer need it.

In the past, many mobile app developers (particularly start-up developers) have simply copied legal terms (i.e., privacy policies and terms of use) from other mobile app websites and incorporated them into their own app products or sites.

If there is a takeaway from these FTC guidelines, it’s that the devil is in the details when it comes to app privacy policies, end user licenses, and terms of service. A reputable technology attorney will be able to easily understand the business model of a mobile app and efficiently provide a set of legal terms that keeps the app developer out of harm’s way while providing them with the flexibility they need to access and use important user information.

