Sr. Director and Mobile Product Manager
Lately, the amount of news and discussions about mobile app privacy has been increasing. Not only is the media picking up on the growing concern by users about the collection and use of their personal data but industry associations are also much more active in developing guidelines and frameworks to help apps developers and owners address the growing concern and to ward off regulation. To add to the mix, the government has stepped up its activities as seen by the recent Google settlement with the FTC and the introduction of The Commercial Privacy Bill of Rights Act of 2011 by a bi-partisan team: of Senators John Kerry and John McCain.
Privacy vs. Security
So what does app privacy really mean? Is it the same as security? The two are often used interchangeably but I think they are very different and bear an explanation so app developers can start to address the heart of the issue. To help understand how they are different with regards to mobile apps, think of privacy as the collection and sharing of one’s personally identifiable information that is gathered through an interaction with a mobile app. On the other hand, security is protecting a user’s device from malicious apps through means such as installing anti-virus or anti-spyware tools or app. Also, a breach in security can result in a reduction of a user’s privacy through the loss of personally identifiable information1 via an app that diverts user registration information to the wrong hands.
Why you should build user privacy into your app
Studies have shown that users reward companies that respect their privacy. Users that trust a brand or an app are more likely to share real information about themselves (i.e. submit their actual first and last name instead of “Mickey Mouse”) and share more information. They are likely to also engage more often with that brand.
Key fundamentals of app privacy
Mobile apps have unique privacy issues such as the use of geo-location and location- or behaviorally-based advertising. These issues are very meaty topics and have been addressed in my previous blogs. However, there are three guiding principles that should be present in your mobile apps.
- Transparency – Give users information about what info you are collecting about them and why. Also, let them know if you are sharing this information with third parties and why. Finally, don’t bury your practices in the fine print or in a 2500 word document which will require the user to scroll down many screens before they uncover the answer to their question. Write in plain English and format the Terms of Service and Privacy statement so its optimized for the small device.
- Accountability – Stand by your practices; show that if something goes wrong, you will make it right. Also, stay accountable to the data you collect from your users by safeguarding it with appropriate security measures such as encryption of sensitive information during transmission and at rest. Finally, demonstrate your credibility by getting certified by an independent, third-party which shows that you are confident of your data collection practices.
- Choice – Users want to know that they have a choice when it comes to the collection and use of their personal information such as geo-location or targeted advertising. Sometimes, users want to opt out for part of their visit and sometimes users want to opt out for a little while but opt back in later. Give them some control over what they share with you so they don’t have “uninstall” as their only option.
Where can I learn more?
There are many credible, non-profit companies and associations that are committed to furthering good privacy practices. Here are a few that are especially helpful.
The Future of Privacy Forum is a non-profit association that covers a wide range of issues related to user privacy. They also have an app privacy focus where you can learn more about how to build good privacy practices into your mobile and web-based apps.
The MMA has published a lot of research for marketing professionals that use the mobile device to reach their users. Privacy principles are woven in throughout the guidelines and some of the research is publicly accessible. They also have a committee dedicated to mobile privacy co-chaired by Fran Maier of TRUSTe and Alan Chappell
The GSMA is a large association that represents 800 carriers and 200 companies in 219 countries and territories. They have initiatives on the topic of Consumer Protection and Privacy including mobile privacy guidelines.
Those that want help with their mobile strategy can contact TRUSTe, the leader in online privacy since 1997. Their mobile privacy certification program site contains links to white papers and blogs on mobile app and mobile web site privacy.
1 Personally Identifiable Information – Any information or combination of information that can be used to identify, contact, or locate a discrete Individual.