INSIGHT on the Issues

Similar documents
Mobile Apps - Privacy and Policy Issues

US 2013 Consumer Data Privacy Study Mobile Edition

The Rise of the Connected Viewer

November 2016 G. Oscar Anderson, Senior Research Advisor AARP Research

CO-OP Mobile: Mobile App for ipads. April 18, 2013

D A T A D I G E S T PUBLIC POLICY INSTITUTE PPI UNSOLICITED COMMERCIAL (SPAM) AND OLDER PERSONS ONLINE

Survey Questions and Methodology

April 2, National Telecommunications and Information Administration 1401 Constitution Avenue NW Room 4725 Washington, DC 20230

Survey Questions and Methodology

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

The State of the Trust Gap in 2015

Sample: n=2,252 national adults, age 18 and older, including 1,127 cell phone interviews Interviewing dates:

Smartphone Ownership 2013 Update

Almost half of all internet users now use search engines on a typical day

Sample: n=2,252 national adults, age 18 and older, including 1,127 cell phone interviews Interviewing dates:

Sample: n=2,252 national adults, age 18 and older, including 1,127 cell phone interviews Interviewing dates:

How App Ratings and Reviews Impact Rank on Google Play and the App Store

Eagles Charitable Foundation Privacy Policy

NAI Mobile Application Code

Spring Change Assessment Survey 2010 Final Topline 6/4/10 Data for April 29 May 30, 2010

TRUSTED MOBILITY INDEX

Privacy: Pre- and Post-Breach

Text Messaging Helps Your Small Business Perform Big

Privacy Policy- ADDO Worldwide LLC LAST UPDATED: September 9, 2014

WELCOME INDUSTRY CONFERENCE

Internet, Science & Tech RESEARCH AREAS. Mobile Fact Sheet MORE FACT SHEETS: INTERNET/BROADBAND SOCIAL MEDIA

NinthDecimal Mobile Audience Q Insights Report

GPS // Guide to Practice Success

ELECTRIC APP - PRIVACY POLICY

The Wireless Industry: Collaborating for an Accessible Ecosystem. m-enabling Summit 2014 Matthew Gerst CTIA The Wireless Association

Personal Information You Provide When Visiting Danaher Sites

3. How is technology used to serve our advertisements on other Sites that you visit and what choices do you have?

Privacy Policy. Full Policy. We will never sell your information to anyone.

Mobile Access July 7, 2010 Aaron Smith, Research Specialist.

Quality of. The importance of TV-like quality on every device. experience. Quality matters.

Mobile Commerce via Smartphone & Co

emarketer US Social Network Usage StatPack

More%than%one%third%of%mobile%consumers%comparison%shop%on%while%in5store%

Mapping to the National Broadband Plan

The Staff Report highlights just how critical a comprehensive review of the

PRIVACY POLICY VANTAGE HOMES

Technology adoption by lower income populations

Automotive Privacy. A discussion of privacy and security legal compliance for the automotive industry

Federal Trade Commission Protecting Consumer Privacy. J. Howard Beales, III, Director Bureau of Consumer Protection Federal Trade Commission

Broadband Opportunities and Challenges in the United States

Preview. Mobile Payments. Payments Strategy Series. A Guide to Planning Your Approach. Price: $150

What information is collected from you and how it is used

Consistent Measurement of Broadband Availability

Chapter 3 Information and Communication Technology (ICT) and EEE Consumption Trends

Research Report: Voice over Internet Protocol (VoIP)

THE CAN-SPAM ACT OF 2003: FREQUENTLY ASKED QUESTIONS EFFECTIVE JANUARY 1, December 29, 2003

Paying. on the go: Mobile payments slowly catch on in the United States

Consistent Measurement of Broadband Availability

2013, Healthcare Intelligence Network

PayThankYou LLC Privacy Policy

Beam Technologies Inc. Privacy Policy

Javelin s Top Financial Institutions for Mobile Banking in 2013

Go Time for Mobile Wallets?

Hot Topics in Privacy

Hot Topics in Privacy

Annual Gadgets Survey Final Topline 4/21/06

NinthDecimal Mobile Audience Q Insights Report

AMCTHEATRES.COM - PRIVACY POLICY

Wireless Communications Initiative

Table of Contents. Location-Based Engagement 2-7. Responding to advertising 2. Usage of Mobile Apps 4. Mobile Shopping 5. Smartphone Owners 7

Mobile: measurability unlocks spending

etouches, Inc. Privacy Policy

- Samsung Tablet Photo - Tablets Mean Business. Survey of IT pros reflects growing trend toward tablets for workforce mobility and more

1. INFORMATION WE COLLECT AND THE REASON FOR THE COLLECTION 2. HOW WE USE COOKIES AND OTHER TRACKING TECHNOLOGY TO COLLECT INFORMATION 3

EnviroIssues Privacy Policy Effective Date:

Transitioning to an IP economy Modernizing regulation to spur investment and keep up with consumer demand

FACTS & FIGURES FEBRUARY 2014

AMERICANS USE OF THE U.S. POSTAL SERVICE: AN AARP BULLETIN SURVEY

Report of the Working Group on mhealth Assessment Guidelines February 2016 March 2017

Privacy, Law, and Smartphones

Topline Questionnaire

Online Privacy Notice

Survey Guide: Businesses Should Begin Preparing for the Death of the Password

PRIVACY POLICY. Personal Information Our Company R&D Enterprises Group, LLC Collects and How It Is Used

Developing and Implementing Data Protection Law: Malaysia and Beyond

Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?

Expert Reference Series of White Papers. IPv6: Are We There Yet?

Insights JiWire Mobile Audience Insights Report Q2 2012

CICS insights from IT professionals revealed

The Mobilization of Cash Management The Journey, the Destination and the Future

Insights JiWire Mobile Audience Insights Report Q4 2012

App Economy Market analysis for Economic Development

Trends in Telecommunications: Global & Local. September 2012

Effective October 31, Privacy Policy

6th Annual 15miles/Neustar Localeze Local Search Usage Study Conducted by comscore

6 Significant reasons to embark and establish a mobile VoIP business

Testimony of Lisa McCabe Director, State Legislative Affairs CTIA Support for Michigan Senate Bill 637 November 2, 2017

July 13, Via to RE: International Internet Policy Priorities [Docket No ]

IAB Internet Advertising Revenue Report

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C COMMENTS

DIGITAL CONTENT STRATEGY WORKSHOP SERIES >>> Carrie Hawthorne Consulting Fair Trade Federation Conference PART 3 MEASURING + OPTIMIZING

SEVEN Networks Open Channel Traffic Optimization

360 View on M-Commerce. Presented by S. Baranikumar

Oracle Eloqua Classic Insight Dashboards

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C

Transcription:

INSIGHT on the Issues Improving Mobile Device Privacy Disclosures Neal Walters AARP Public Policy Institute AARP Public Policy Institute There is increasing concern about the amount of personal information that mobile device users may be revealing without their knowledge. Studies show that older consumers are one of the fastest-growing groups of mobile device users, and they express high levels of concern about the privacy of their information. For that reason, legislators, regulators, and consumer advocates are seeking to increase the transparency of mobile data collection and sharing. Always on and always on you accurately describes how deeply many consumers have integrated mobile devices (such as cell phones, smartphones, and tablets) into their daily lives. Mobile devices allow consumers to connect to the Internet, to make audio and video phone calls, to take and send photographs and videos, and to use location-based services such as GPS mapping and navigation services. Rapid Growth of Mobile Devices Industry estimates suggest that by the end of 2013, the worldwide number of mobile-connected devices will be greater than the number of people on earth. 1 In 2012, the amount of mobile data traffic was nearly 12 times the amount of global Internet traffic in 2000. 2 As of this writing, 91 percent of adult Americans own a cell phone, 56 percent own a smartphone, and 34 percent own a tablet. 3 Smartphone use continues to increase as more consumers upgrade to those devices. 4 According to industry analysis of smartphone adoption rates, the rate of growth in smartphone use during 2012 was especially high among several demographic groups of consumers, including consumers ages 55-64, retired individuals, and large households. 5 Experts expect those numbers to grow rapidly as consumers continue to integrate mobile devices into their daily lives. Collection of Sensitive Personal Data by Mobile Devices Mobile devices are specifically associated with an individual user and are frequently carried by the user wherever he or she goes. Consequently, it is possible to collect a great deal of information about the movements and behavior of device owners. Data gathered can include precise geographic location, thus allowing the creation of detailed profiles of the device owner s movements and activities. For example, it may be possible to identify where individuals work, where they live, and what recreational activities they pursue. Such data are useful for

targeting behavioral advertisements or for perpetrating identity theft or stalking. As a result, the U.S. Government Accountability Office (GAO) notes that locational data are extremely sensitive. Moreover, GAO recommends that the Federal Trade Commission (FTC) develop detailed guidelines on how companies should manage mobile locational data. 6 Other sensitive information that can be potentially captured includes whom the owner is communicating with, the subject of Internet searches, access to photos and videos taken by the owner, and calendar activities scheduled. Such highly personal data may be available to third parties without the knowledge of the device owner. Without clear disclosure of what data are collected, who has access to those data, and how those data are used, device users have a difficult time making informed privacy decisions. Of particular concern is the use of software applications (apps) designed to work on mobile devices. Apps allow consumers to make their mobile devices more useful by providing improved functionality. Apps can make use of any or all of the device s functions, including contact lists, calendars, phone and messaging logs, locational information, Internet searches and usage, video and photo galleries, and more. Use of apps is a concern for consumers because an app may be accessing sensitive information without their knowledge. For example, an app that allows the device to function as a scientific calculator may be accessing contact lists, locational data, and phone records even though such access is unnecessary for the app to function properly. Estimates place the current number of apps available for download at more than 1.5 million, and that number is growing daily. 7 Projections indicate that the number of apps downloaded worldwide will exceed 81 billion in 2013. 8 Because no standards currently exist for providing privacy notice disclosure for apps, consumers may find it difficult to understand what data the app is collecting, how those data will be used, and what rights users have in limiting the collection and use of their data. Many apps do not provide users with privacy policy statements, making it impossible for app users to know the privacy implications of using a particular app. 9 Other apps may have privacy policies that are confusing or misleading. For example, an analysis of health and fitness apps found that more than 30 percent of the apps studied shared data with someone not disclosed in the app s privacy policy. 10 Recent research indicates that mobile device users have concerns about the privacy implications of using apps. 11 The research finds that almost 60 percent of respondents ages 50 and older decided not to install an app because of privacy concerns (see figure 1). Current Barriers to Effective Mobile Privacy Disclosures One barrier to mobile privacy disclosures is that many mobile devices have small screens that limit the effectiveness of long privacy statements that are meant to inform users about data collection and use. For example, one study found that the average length of app privacy policies was 3,068 words. 12 Standardized terminology is also lacking, as is a format for privacy disclosures, both of which cause confusion for device users who are trying to understand the implications of using a particular website or app on their mobile device. A second barrier can be the timing of the privacy disclosure. Currently, many websites and apps bury the details of 2

Figure 1. Consumer Reactions to Privacy Implications of Using Apps, by Age 60 50 Percentage of app users 40 30 20 10 0 18 29 30 49 50+ Age group Decided not to install an app due to privacy concerns Uninstalled an app due to privacy concerns Source: Jan Lauren Boyles, Aaron Smith, and Mary Madden, Privacy and Data Management on Mobile Devices, Pew Internet & American Life Project, Washington, DC, September 5, 2012. Note: Survey was conducted between March 15 and April 3, 2012 (n = 714). their privacy policy in long, general privacy disclosures that mobile device users are unlikely to read or understand. The recently released FTC privacy framework recommends that consumers should be able to make privacy choices about their data at a relevant time and context. 13 For example, before a particular app or service collects precise geographic location, the user should be notified that the information collection will occur if he or she proceeds. The FTC framework further notes that data use that is inconsistent with the original context of collection should require a separate disclosure to consumers at a relevant time and outside the general privacy policy. A third barrier to mobile privacy disclosure is the complexity of the mobile ecosystem. The number of companies involved in the mobile ecosystem that have potential access to personal data of device users has expanded since the introduction of the first cell phones. Initially, only device manufacturers and cellular carriers had access to personal data. With the advent of smartphones and tablets, personal data are now available to device manufacturers, device operating system developers, 14 wireless service providers, app developers, and advertising networks. The complex mobile ecosystem makes it difficult for consumers to understand who has access 3

to their data, what use is made of those data, and what rights they may have to limit such use. 15 Greater Transparency through Improved Privacy Disclosure Improving mobile device privacy disclosures to provide greater transparency for device users is an important issue that privacy advocates and regulators are working to address. The FTC developed a specific set of recommendations for addressing mobile device privacy issues. Those recommendations serve to provide the major participants in the mobile ecosystem with a road map for improving mobile device privacy. 16 For privacy concerns associated with the use of mobile apps, the FTC notes that device operating systems have the greatest ability to improve app privacy disclosures. Because the device operating systems approve apps for distribution on devices running their software, they can establish privacy requirements that app developers must meet before accepting an app. Such requirements include the ability to ensure that app privacy disclosures (a) are clear and concise, (b) follow a standard format, and (c) provide just-intime notifications before the app collects any sensitive data (such as geolocation). Just-in-time notification allows the user to block the app from gathering any sensitive information before its collection. Further, a device operating system-based do-not-track mechanism would give users a comprehensive way to prevent third-party advertising networks from tracking their activities. Although the device operating system may be the gatekeeper, the FTC notes that app developers can also work to provide transparent and easy-tounderstand privacy disclosures about their apps before a user downloads the 4 app. If an app may collect particularly sensitive data (such as financial or health information), the app developers should require affirmative consent from app users before collecting those types of data. Privacy disclosures should also provide clear notice about data sharing with third parties while explaining what data are shared and how such data might be used. The FTC recommends that trade associations consider developing standardized icons (figure 2) to depict app privacy practices that will create more effective privacy disclosures. 17 Current Efforts to Address Mobile Device Privacy Issues In addition to the FTC recommendations, legislators and state regulators are working to address mobile device privacy issues. For example, California requires mobile apps that collect personal information to have a privacy policy available on the app platform so consumers may view the privacy policy before downloading an app. 18 In addition, California regulators recommend that app developers follow a surprise minimization 19 approach to notify app users about data practices that involve sensitive information or that collect data unrelated to the app s basic functionality. 20 Such notifications need to be short, easy to understand, and delivered at a relevant time so app users can make informed decisions. The National Telecommunications and Information Administration (NTIA) led efforts to create an industry-backed enforceable code of conduct for mobile app privacy disclosures to improve transparency. The NTIA process used a multistakeholder effort, including industry groups, consumer groups, and government regulators. 21 However, consumer groups have criticized both the process of creating the code and the resulting code of conduct as being seriously flawed. 22 In addition, Congress

Figure 2. Potential Standardized Privacy Icons Source: National Telecommunications and Information Administration, Short Form Notice Code of Conduct user interface mockups. is considering bipartisan legislation to provide greater transparency and greater user control over mobile app privacy practices. 23 Conclusions and Recommendations Providing greater transparency for mobile device privacy is a key part of protecting the privacy of consumers who use mobile devices. Mobile device owners need greater clarity regarding the privacy implications of using their mobile devices. As more consumers continue to integrate mobile devices into their daily lives, mobile device users need to make informed decisions about limiting the types of personal data that are collected, about limiting how those data are used, and about how to exercise any rights they have to limit the collection. For that reason, regulators, legislators, and industry groups must continue to work toward improving transparency in the collection and use of personal information in the mobile device ecosystem. The following approaches are recommended: Require privacy disclosure notices that are short, standardized, and easily accessible on smaller screens. Develop standards governing the collection, transfer, use, and disposal of sensitive data, such as locational data gathered through mobile devices. Notify app users about data practices that involve sensitive information 5

or that collect data unrelated to the app s basic functionality before the collection of any such data. Create a do-not-track mechanism to give device users a comprehensive way to prevent the tracking of their activities by third-party advertising networks. Develop consumer education programs that teach mobile device users about their privacy options and how to implement them. Endnotes 1 Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2012 2017, white paper, Cisco Systems Inc., San Jose, CA, February 2013. 2 Ibid. 3 Joanna Brenner, Pew Internet: Mobile, Pew Internet & American Life Project, Washington, DC, September 18, 2013. 4 Smartphone Switch: Three-Fourths of Recent Acquirers Chose Smartphones, Nielsen Newswire, September 17, 2013, http://www.nielsen.com/us/en/newswire/2013/smartphone-switch--three-fourths-of -recent-acquirers-chose-smart.html. 5 Terri Kim, Smartphone Adoption Trends in 2012 (comscore): Smartphones Accelerating among Cost- Conscious Consumers, Moro Blog, February 23, 2012, http://blog.mobileroadie.com/2012/02/smartphone -adoption-trends-in-2012-comscore-smartphone-adoption-is-accelerating-among-cost-conscious-segments/. 6 Mobile Device Location Data: Additional Federal Actions Could Help Protect Consumer Privacy, GAO-12-903, US Government Accountability Office, Washington, DC, September 2012. 7 Leigh Shevchik, Mobile App Industry to Reach Record Revenue in 2013, New Relic (blog), April 1, 2013, http://blog.newrelic.com/2013/04/01/mobile-apps-industry-to-reach-record-revenue-in-2013/. 8 Gartner Inc., Gartner Says Free Apps Will Account for Nearly 90 Percent of Total Mobile App Store Downloads in 2012, news release, September 11, 2012, http://www.gartner.com/newsroom/id/2153215. 9 Mobile Apps for Kids: Disclosures Still Not Making the Grade, Federal Trade Commission, Washington, DC, December 2012. 10 Linda Ackerman, Mobile Health and Fitness Applications and Information Privacy, Privacy Rights Clearinghouse, San Diego, CA, July 15, 2013. 11 Jan Lauren Boyles, Aaron Smith, and Mary Madden, Privacy and Data Management on Mobile Devices, Pew Internet & American Life Project, Washington, DC, September 5, 2012. 12 More than a Quarter of the Top 100 Free Mobile Apps Don t Have a Privacy Policy, Spotlight on Mobile Privacy Policies (blog), MEF, August 20, 2013, http://mefminute.com/2013/08/20/infographic -more-than-a-quarter-of-the-top-100-free-mobile-apps-dont-have-a-privacy-policy/. 13 Protecting Consumer Privacy in an Era of Rapid Change, Federal Trade Commission, Washington, DC, March 2012. 14 Device operating system developers design the software that runs the mobile device, for example, Apple, Google, Microsoft, and Blackberry. 15 Mobile Privacy Disclosures: Building Trust through Transparency, Federal Trade Commission, Washington, DC, February 2013. 16 Ibid. 17 Ibid. 6

18 Privacy on the Go: Recommendations for the Mobile Ecosystem, California Department of Justice, Sacramento, January 2013. 19 For example, a mobile device user could reasonably expect a social networking app to access the user s contact list, but the user would likely be surprised to find that a solitaire game app does so as well. 20 Privacy on the Go. 21 Details regarding the NTIA code of conduct are available at http://www.ntia.doc.gov/other-publication /2013/privacy-multistakeholder-process-mobile-application-transparency. 22 Consumer Federation of America, CFA on the NTIA Short Form Notice Code of Conduct to Promote Transparency in Mobile Applications, news release, July 26, 2013; Center for Digital Democracy, CDD Urges FTC to Review Proposed NTIA Code of Conduct, news release, July 25, 2013. 23 See, for example, the Application Privacy, Protection, and Security Act of 2013 (HR 1913). Also, the Mobile Device Privacy Act was released as a discussion draft in the 112th Congress. Insight on the Issues 89, January 2014 Written by Neal Walters AARP Public Policy Institute 601 E Street, NW, Washington, DC 20049 www.aarp.org/ppi 202-434-3890, ppi@aarp.org 2014, AARP. Reprinting with permission only. 7 INSIGHT on the Issues

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback