On 27 February 2012, with the support of Europe’s largest mobile operators, the GSMA published a set of global Privacy Design Guidelines for Mobile Application Development. These guidelines come just days after the largest US-based App providers, including Google, Apple and Amazon, agreed to legally enforceable privacy standards.
The Mobile App Privacy Design Guidelines are aimed at all companies that are responsible for collecting and processing personal information about mobile users, including App developers, mobile operators and advertisers. The guidelines encourage the development, delivery and operation of mobile Apps that put users first and help them understand what personal information a mobile application may access, collect and use; what the information will be used for and why; and how users may exercise choice and control over this use. The Guidelines also suggest that users should be informed, before they download an App, whether it is supported by advertisements, and that mobile advertising should only use information that has been properly obtained. In addition to transparency and privacy matters, the Guidelines include recommendations on data retention and security, use of location data, and Apps’ use of social networking and social media, including use by children.
App privacy is a burning issue, with the App industry facing heavy criticism for seeking to get around privacy protections. Recently Path’s and Hipster’s Apps were exposed for uploading users’ address books without asking for permission. Facebook has also been criticised following revelations that its Android App grants Facebook permission to read users’ text messages.
European mobile operators implementing the Guidelines include France Telecom – Orange, Deutsche Telekom, Vodafone and Telecom Italia. The GSMA said the guidelines encourage the development of Apps that respect “privacy by design”, and that it hoped the Guidelines would set a global standard rather than being just for the European market.