Feds Probe Mobile App Privacy Safeguards

A division of the Commerce Department on Wednesday convened industry representatives and consumer advocates for the third in a series of workshops as it moves toward developing a code of conduct to protect consumer privacy in the fast-growing mobile app space.

The meeting, which focused on procedure as much as policy, saw the airing of a laundry list of concerns that privacy advocates have raised with the way that companies use the information that they collect about consumers through mobile apps.

But although this is the third stakeholder meeting the National Telecommunications and Information Administration (NTIA) has convened on the subject, many of the participants stressed the preliminary nature of the inquiry.

“We need to discuss what’s happening now, how’s [the data] being used, what does it mean for the user,” said Jeff Chester, a longtime privacy advocate and the executive director of the Center for Digital Democracy. “Obviously it’s in the context of balancing monetization with consumer and citizen privacy and control, but a huge amount of data [collection] we know is now occurring within the apps. It’s now firmly part of the online marketing system. Let’s be realistic, identify all the data usage, and then we can determine how to proceed.”

Jonathan Zuck, the president of the Association for Competitive Technology, took it to an even more rudimentary level, urging the stakeholders and NTIA officials to first set the parameters of the discussion, pointing out that an in-car GPS navigation system is a very different technology from, say, a social networking utility designed for a smartphone, but both could be considered mobile apps. But who would argue that the privacy implications are the same?

“I think defining mobile apps is a critical first step,” Zuck said.

NTIA’s inquiry is just one of several ongoing probes into the data-collection practices of digital marketers, service providers, Web companies and other digital players underway at the federal government and industry and standards groups.

The probe into mobile applications is part of a larger examination of the privacy implications of the digital economy at the Commerce Department, which has called on Congress to enact legislation to establish baseline consumer protections. The White House has echoed that position in explicitly calling for a consumer bill of rights to safeguard user privacy online.

Additionally, the Federal Trade Commission has been eyeing online consumer privacy issues for several years, and recently articulated a proposal for a do-not-track mechanism that would be built into the Web browser, creating an opt-out list in the fashion of the popular Do-Not-Call registry that governs the activities of telemarketers. The Commerce Department’s proposal for privacy legislation would give the FTC new authorities to regulate Internet companies, powers that the FTC sought, but failed to secure, in the financial regulatory reform bill that was signed into law in 2010.

Meantime, industry groups have been working to demonstrate that they are serious about offering meaningful consumer protections, trying to convince lawmakers and executive officials that self-regulation is sufficient. The most prominent of those efforts is the Digital Advertising Alliance, a consortium of leading advertising and marketing trade associations that has been developing a framework for providing consumers more information about how data is collected and used and offering the choice of opting out of targeted ads.

The mobile arena, of course, poses unique challenges, including the plain fact that screens are smaller so there is less real estate in which to offer such notices.

Advocates at Tuesday’s meeting asked NTIA to consider including provisions concerning the size of privacy notices in mobile apps, as well as features such as so-called just-in-time notification, which would alert a user when certain information is about to be collected, and guidance to ensure that notices are delivered in meaningful context.

But time and again, the participants reiterated how much more information about industry practices they need from companies in the mobile-app sector before they can begin drafting language for a code of conduct, as NTIA intends to as the culmination of this process.

“We have to understand what it is first before we can talk about how to express it,” said Susan Grant, director of consumer protection at the Consumer Federation of America.

“What exactly are they doing?” Grant asked. “What is it that’s important for consumers to know?”

Stu Ingis, a partner with the law firm Venable and a leading figure in industry self-regulatory efforts, including the Digital Advertising Alliance, proposed a series of briefings for consumer advocates and other stakeholders to explain industry practices concerning the technology at work in mobile apps and the policies governing how information is collected, used and shared.

Ingis offered to host the first briefing, focusing on technical issues, at Venable’s office ahead of NTIA’s next scheduled stakeholder meeting, slated for Sept. 19.

But that date could be in flux, as several participants questioned the value in proceeding with the stakeholder meetings with so many questions about the industry practices in play still unanswered, and some proposed breaking up into smaller working groups before reconvening as a cohort.

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.