This post was also written by Frederick Lah.
On February 1, the FTC released its Mobile Privacy Disclosures Guidance (the Guidance) setting forth best practice recommendations for platforms, app developers, third parties such as ad networks and analytics companies, and app trade associations. We previously wrote about the Guidance when it was issued.
On February 15, Assistant Director in the FTC’s Division of Privacy and Identity Protection, Chris Olsen, spoke at the latest National Telecommunications and Information Administration (NTIA) stakeholders’ meeting in Washington, DC about the Guidance. Here are some highlights from the meeting:
- Olsen started off the meeting by recapping the recent efforts by the FTC in the mobile space.
- He said that the FTC believes that consumers are not really aware of the types of information collection and sharing practices that are taking place.
- He described the mobile ecosystem as “complex” and that all the players in the ecosystem need to work together for its improvement.
- Olsen spoke about the specific roles and responsibilities of all the players in the ecosystem – app platforms, app developers, and app networks – as outlined in the Report (many of which we described in our previous blog article).
- According to Olsen, the Guidance was designed to do three things – (1) spur on members of the ecosystem to take a more active role in addressing the lack of sufficient disclosures; (2) reach as many industry participants as possible in the “diverse marketplace” and to educate participants on what are the best practices; (3) provide input to industry stakeholders, such as the NTIA, on the development of a code of conduct for the mobile space.
- One commentator noted that the Guidance sets out what industry participants should be doing, but does not seem to set out what the role of the FTC should be. Olsen responded by saying that, “the FTC needs to do better, too.” He specifically identified enforcement and outreach as areas for improvement.
- With respect to the Guidance’s recommendations for platforms, Olsen stressed the need for platforms to be clear to consumers about what they’re doing (or not doing) and to oversee and enforce their developer agreements.
- Olsen pointed out that the Guidance does not set forth legal requirements and that the FTC did not issue the Guidance with the goal of providing any sort of legal framework. He did note though that Congress is interested in the issue and that they will continue to hold hearings about the state of affairs in the mobile environment, and that the FTC would provide input to Congress if called upon to do so.
- As for the use of icons in the mobile space, Olsen said that he thinks that an essential element of any icon program must be that it “communicates a clear message” and is not ambiguous.
- He also noted that the recent report from the California AG’s office on mobile privacy is largely consistent with the FTC’s Guidance, but noted that the California report appears to cover a larger scope of mobile privacy issues, one not just focused on the issue of disclosures.
Olsen’s comments and the Guidance itself are informative, but it remains to be seen how the players in the ecosystem will respond to the recommended best practices. Another question will be what effect, if any, the Guidance will have on the FTC’s enforcement efforts? We’ll be monitoring this situation closely.