Hey App, Get Off of My Cloud

Smartphone users reportedly download around 35 apps on average. Many of these seductive little software programs collect large quantities of personal data. This increasingly happens without the free and informed consent of people involved. Everyone interested in this Privacy-by-Design topic should download, read and discuss the 3rd VINT Big Data report “Privacy, Technology and the Law.” The English edition is coming up, and “PT&L” already is available in Dutch. In the U.S. therefore, there is this APPS law in the making to regulate the collection of personal and re-identified Big Data via mobile devices and  their apps. The “Application Privacy, Protection and Security (APPS) Act of 2013” is an initiative of the AppRights movement. U.S. APPS Act of 2013     This APPS Act under construction simply and lawfully asks for the necessary transparency, user control, and security with respect to mobile apps. In it Congressman Hank Johnson demands the following: “Before a mobile application collects personal data about a user of the application, the developer of the application shall provide the user with notice of the terms and conditions governing the collection, use, storage, and sharing of the personal data; and obtain the consent of the user to such terms and conditions.” Developers of mobile applications may satisfy the requirements and the regulations of the intented APPS law by following the Obama government’s code of conduct for consumer data privacy a.k.a. the “Consumer Privacy Bill of Rights,” in full: “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” Comply or It Will Cost You . . .  Dearly!    This being under way, the U.S. Federal Trade Commission (FTC) in September 2012 already issued a clear set of guidelines for app developers called “Marketing Your Mobile App: Get It Right from the Start.” Only  to help them “comply with truth-in-advertising standards and basic privacy principles.” Fact is that many mobile app makers leave consumers confused or in the dark when it comes to app privacy options. Even worse, they deliberately mislead people, thus drowning the Golden Opportunity of monetizing Personally Identifiable Information in FUD: fear, uncertainty and doubt. Therefore, the FTC explicitely warns: “Laws that apply to established businesses apply to you, too, and violations can be costly.” To keep themselves out of trouble, app owners and marketeers should adhere to well-known Fair Information Practices regarding “Truthful Advertising” and “Privacy” as follows: Truthful Advertising 1. Tell the truth about what your app can do. 2. Disclose key information clearly and conspicuously. Privacy 3. Build privacy considerations in from the start. 4. Be transparent about your data practices. 5. Offer choices that are easy to find and easy to use. 6. Honor your privacy promises. 7. Protect kids’ privacy. 8. Collect sensitive information only with consent. 9. Keep user data secure. Global Measures Against Privacy Invasion by Apps As from March 14, the European Union is moving in the same direction. The European data protection authorities, gathered together in the so-called “Article 29 Working Party,” recently have detailed the specific obligations of app developers and all other parties involved in the development and distribution of apps under European data protection law. Other parties include app stores, advertising providers, Operating System and device manufacturers. Special attention again is being paid to apps targeting children.