Patricia Poss
Federal Trade Commission
The views expressed are those of the
speaker and not necessarily those of
the FTC or any other person.
1
Mobile Technology Unit
Law enforcement actions
Policy initiatives
2
Dedicated staff
Technologist assistance
Testing capabilities
3
Section 5 of the Federal Trade Commission Act broadly prohibits “unfair or deceptive acts or practices in or affecting commerce.”
◦ Deception a material representation or omission that is likely to mislead consumers acting reasonably under the circumstances
◦ Unfairness practices that cause or are likely to cause substantial injury to consumers that are not outweighed by countervailing benefits to consumers or competition and are not reasonably avoidable by consumers.
Flexible law that can be applied to many different situations, entities, and technologies.
4
W3 Innovations
Frostwire
Mobile background screeners - warning letters
5
Complex ecosystem ◦ Operating system providers
◦ Application developers
◦ Handset manufacturers
◦ Carriers
◦ Ad networks
◦ Service providers
6
Screen size
Communication channels: texting, mobile web browser, mobile apps
“On the go” nature of use
Personal
Additional hardware capabilities – camera, microphone, gyroscope, compass, etc.
GPS & location features
Easy sharing of user information
Rapidly evolving technology
7
Who collects what information?
How is it used?
With whom is it shared?
Are consumers being adequately informed?
Do they have a choice?
8
Issued Final Report, March 2012.
Applies to Mobile environment.
Key elements: Privacy by Design, Simplified Choice, and Greater Transparency.
9
Collection and use of data is ubiquitous and often invisible.
Consumers lack an understanding of the nature and extent of this collection.
Many consumers are concerned. Collection and use has led to significant
benefits. Traditional distinctions between personally
identifiable and anonymous data are blurred.
10
Make privacy the “default” setting for commercial data practices.
Give consumers greater control through simplified choices and increased transparency.
Implementing will enhance trust and stimulate commerce.
11
Intended to articulate best practices for companies.
Intended to assist Congress as it considers privacy legislation.
Not intended to serve as a template for law enforcement action or regulations.
12
“Bake-in” privacy -- Companies should promote consumer privacy throughout their organizations.
Companies should incorporate substantial privacy protections into their practices, such as data security, reasonable collection limits, sound retention and disposal, and data accuracy.
13
Limit collection to data they need for a requested service or transaction. ◦ Ex. Wallpaper app doesn’t need location.
◦ Location data collection heightens need for reasonable policies for purging data.
◦ Minimize the risk that information could be used in harmful or unexpected ways.
Calls on mobile entities to establish standards that address data collection, transfer, use and disposal, particularly for location data.
14
If data is shared with third parties, work to provide more prominent notice and choices about such practices.
Not all companies have adequately disclosed the frequency or extent of the collection, transfer, and use of data.
15
Provide easy-to-use choice mechanisms that allow consumers to control whether their data is collected and how it is used.
Companies do not need to provide choice for practices that are
consistent with the context. ◦ Fraud preventions, internal operations, fulfillment, legal compliances and
public purpose, and first-party marketing.
For practices requiring choice, companies should offer the choice
at a time and in a context in which the consumer is making a decision about his or her data.
Companies should obtain affirmative express consent before:
◦ 1) using consumer data in a materially different manner than claimed or ◦ 2) collecting sensitive data.
16
Increase the transparency of data practices.
Privacy notices should be clearer, shorter, and more standardized to enable comprehension and comparison.
Calls on mobile participants to develop short
meaningful disclosures. ◦ Urges companies providing mobile services to develop
standard notices, icons, and other means to communicate with consumers in a consistent and clear way.
◦ Dot Com Disclosure Workshop – May 30, 2012.
17
18
Reviewed kids apps in Apple’s iTunes App Store and Google’s Market.
Looked for disclosures available in the app stores or on developers’ websites.
Very little information disclosed prior to download.
Recommendation – app stores, developers and other ecosystem participants need to improve disclosures regarding data practices.
19
20
21