FTC Report Recommends Greater Location Privacy Effort for Mobile Devices

The Federal Trade Commission (FTC) issued a staff report last Friday (February 1, 2013) that suggests companies consider offering a Do Not Track (DNT) mechanism for smartphone users among other measures to protect location privacy.

Use and possible abuse of real-time geolocation data was well up on the list of concerns addressed by the report, “Mobile Privacy Disclosures: Building Trust Through Transparency.”

The Federal Trade Commission (FTC) issued a staff report last Friday (February 1, 2013) that suggests companies consider offering a Do Not Track (DNT) mechanism for smartphone users among other measures to protect location privacy.

Use and possible abuse of real-time geolocation data was well up on the list of concerns addressed by the report, “Mobile Privacy Disclosures: Building Trust Through Transparency.”

The report makes recommendations for critical players in the mobile marketplace: mobile platforms (operating system providers), application (app) developers, advertising networks and analytics companies, and app developer trade associations.  Most of the recommendations involve making sure that consumers get timely, easy-to-understand disclosures about what data they collect and how the data is used.

“The mobile world is expanding and innovating at breathtaking speed, allowing consumers to do things that would have been hard to imagine only a few years ago,” said FTC Chairman Jon Leibowitz.  “These best practices will help to safeguard consumer privacy and build trust in the mobile marketplace, ensuring that the market can continue to thrive.”

The mobile DNT recommendation was directed at platform providers such as Amazon, Apple, BlackBerry, Google, and Microsoft.

“A mobile DNT mechanism, which a majority of the Commission has endorsed, would allow consumers to choose to prevent tracking by ad networks or other third parties as they navigate among apps on their phones,” recommended the report approved by the FTC for release.

The FTC staff report is based on the FTC’s enforcement and policy experience with mobile issues and a May 2012 FTC workshop, which brought together representatives from industry, trade associations, academia, and consumer privacy groups to explore privacy disclosures on mobile devices.

“[M]obile devices can reveal precise information about a user’s location that could be used to build detailed profiles of consumer movements over time and in ways not anticipated by consumers,” the FTC report stated.

Subsequently, the Government Accountability Office (GAO) published a report last September, “Mobile Device Location Data," which recommended that the FTC consider issuing industry guidance on mobile location data privacy.

Other location-relation recommendations in the FTC report include:
·      Platform providers should give “just-in-time disclosures” to consumers and obtain their affirmative express consent before allowing apps to access sensitive content such as geolocation.
·      App developers need not repeat platform-level geolocation notices; however, if the developer decides to share that geolocation data with a third party, “the app developer should provide a just-in-time disclosure and obtain affirmative consent from users for that data sharing.”
·      App developer trade associations could develop ways to standardize app privacy policies, for example, create a standardized, layered policy that eliminates long, complicated policy language in favor of icons and streamlined disclosures presented in a short sentence (e.g., “We don’t share personal information with marketers.”) or phrases (e.g., “Location Services” or “Tracking Technologies”).