Government Introduces First App Privacy Code of Conduct
After more than a year of discussions among industry leaders, the U.S. National Telecommunications and Information Administration completed the first version of a national privacy code of conduct for mobile apps.
Consumers have had privacy concerns relating to their smartphone usage long before any National Security Agency contractor leaked information to the global media. But one government agency took a step to address those concerns last week with the approval of a national privacy code of conduct for mobile apps.
The U.S. National Telecommunications and Information Administration (NTIA), an agency of the Commerce Department, announced it had completed work on the “Code of Conduct to Promote Transparency in Mobile App Practices Through Short Form Notices” [PDF]—a voluntary set of standards that the group hopes mobile app developers will quickly adopt. NTIA worked on the code for over a year, holding discussions with major industry players and privacy advocates, including the Internet Commerce Coalition, the Electronic Frontier Foundation, the American Civil Liberties Union (ACLU), and many others.
“NTIA is pleased that … a diverse group of stakeholders reached a seminal milestone in the efforts to enhance consumer privacy on mobile devices,” NTIA Administrator Lawrence E. Strickling said in a statement. “We encourage all the companies that participated in the discussion to move forward to test the code with their consumers.”
Similar efforts to adopt mobile app privacy guidelines have been made at the state level but have faced pushback from industry groups. What makes the NTIA code different is the call for “short-form notices,” pictured above, which app makers would provide to users before download or purchase. These notices would inform the user on what kinds of data the app collects and shares.
Several industry groups and privacy advocates have shown support for the code since it was made public.
“The [ACLU] supports this code as a modest but important step forward for consumer privacy,” Christopher Calabrese, legislative counsel at ACLU’s Washington, DC, office, said in a statement. “It allows applications to compete on privacy and gives consumers a tool to pick the most privacy-friendly applications.”
The Online Publishers Association, which participated in the discussions, also stood behind the code.
“OPA strongly supports the need for app providers to be transparent about their practices on the collection and use of their users’ data,” the group said in a statement. “We support the NTIA as it provides important guidance to app developers and providers as they design and implement their privacy regime.”
However, some advocacy groups say the code does not go far enough to protect consumers.
“While the idea of short-form notices is appealing, the information that [app developers] would provide under this code falls far short of what is needed to tell mobile application users what is really happening with their data,” the Consumer Federation of America said in a statement. “It does not explain how their data will be used beyond what is necessary for the function of the app. Moreover, the information about what kind of data is collected and with whom it is shared is very limited.”
A sample of the “short-form notices” that NTIA is offering as guidelines to app publishers. (NTIA screenshot)