Today there is an app for just about anything and everything. In recognition of this trend, this fall, the Federal Trade Commission (FTC) produced guidelines to help developers of mobile apps stay in compliance. According to the most recent edition of Socially Aware, the journal of social media and legal issues produced by Morrison & Foerster, this is just a signal of more to come.
The FTC guide briefly outlines best practices that developers need to adhere to in order to remain in compliance with “truth-in-advertising, privacy, and data security principles.” Say the Socially Aware authors, “The guide, called Marketing Your Mobile App: Get it Right from the Start, explains general consumer protection principles, and applies them to the context of mobile applications. Although the title of the guide suggests that the advice is primarily about marketing the apps, the FTC also gives advice about the design and implementation of apps.”
Essentially, the FTC wants app developers to be aware that mobile apps are included in its policing, under Section 5 authority, against unfair or deceptive acts or practices.
According to the guidelines on the FTC site, apps must:
- Tell the Truth About What Your App Can Do. “Whether it’s what you say on a website, in an app store, or within the app itself, you have to tell the truth,” the publication advises.
- Disclose Key Information Clearly and Conspicuously. “If you need to disclose information to make what you say accurate, your disclosures have to be clear and conspicuous.”
- Build Privacy Considerations in From the Start. Incorporate privacy protections into your practices, limit the information you collect, securely store what you hold on to, and safely dispose of what you no longer need. “For any collection or sharing of information that’s not apparent, get users’ express agreement. That way your customers aren’t unwittingly disclosing information they didn’t mean to share.”
- Offer Choices that are Easy to Find and Easy to Use. “Make it easy for people to find the tools you offer, design them so they’re simple to use, and follow through by honoring the choices users have made.”
- Honor Your Privacy Promises. “Chances are you make assurances to users about the security standards you apply or what you do with their personal information. App developers—like all other marketers—have to live up to those promises.”
- Protect Kids’ Privacy. “If your app is designed for children or if you know that you are collecting personal information from kids, you may have additional requirements under the Children’s Online Privacy Protection Act.”
- Collect Sensitive Information Only with Consent. Even when you’re not dealing with kids’ information, it’s important to get users’ affirmative OK before you collect any sensitive data from them, like medical, financial, or precise geolocation information.
- Keep User Data Secure. Statutes like the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to provide reasonable security for sensitive information. The FTC has free resources to help you develop a security plan appropriate for your business. One place to start: Protecting Personal Information: A Guide for Business.
Morrison & Foerster believes that the publication of the guidelines signals that more enforcement actions should be expected in the near future, noting that in August 2011 the FTC reached a settlement with W3 Innovations, LLC, for alleged violations of the COPPA rule in its apps directed at children.
The entire Morrison & Foerster article can be found here [PDF].