The Federal Trade Commission (FTC) has published privacy guidance for mobile apps and enforces the consumer-protection and children's-privacy rules behind it.
Mobile apps have come under close examination by the FTC and other regulatory agencies because of the way some of them collect personal information without the user's knowledge. An app that records a user's location through geolocation tracking without the user's express consent is one example.
Collecting Users’ Information
Be clear about disclosing your information gathering and sharing practices to your users. Disclose exactly what information you collect, what you do with it, and what third parties you share it with. If you share your users’ information with other companies, inform users about the sharing practices of those companies.
Keep track of the information that you collect and store. Practice data minimization: don't keep users' information that your app does not require. If your app doesn't need a user's contact information, do not ask for it. Remember, any information you don't collect is information you don't have to protect.
Is Your Mobile App Geared Towards Children Under the Age of 13?
If so, you fall under the strict Children's Online Privacy Protection Act (COPPA) and have additional requirements. Even if your app is not directed to children under 13, you still have to be careful: irrespective of the type of mobile app you have, if you have actual knowledge that you collect personal information from children under 13, COPPA applies to you.
You are required to obtain verifiable parental consent before you can gather personal information from children. To comply with COPPA you must clearly disclose how you collect and use information from children and directly notify parents of your practices. You are also required to keep personal information collected from children secure and confidential.
Even if you don't collect information from children directly but use third-party APIs or ad networks that collect children's personal information through your app, COPPA still applies to you.
What Constitutes Personal Information for Children?
COPPA's definition of personal information includes a child's first and last name, telephone number, screen name or username, address, and any persistent identifier that can recognize a user across different websites or services over time, such as a device identifier, serial number, cookie, or IP address. Separately from COPPA, the FTC's guidance for adult users is similar in spirit: when collecting sensitive information such as geolocation, financial, or medical data, obtain the user's express consent before you collect it.
Keeping Your Users’ Information Secure
The law requires you to take reasonable measures to protect your users' information against common and known security risks. Whether your online business is large or small, limit access to customer and user information within your company to the people who need it. If third parties have access to your users' information, make sure they comply with strict privacy and security standards. When you no longer need your users' information, dispose of it securely. Knowing all this, you should not collect information that is not required for your online business.
A Checklist for Mobile App Developers
- Identify personal information which your mobile app collects and uses.
- Do not collect personal information that is not needed for your app to function.
- If your app's main function is not tied to a social media network such as Twitter or Facebook, let users log in without providing their social media login credentials.
- Be aware and disclose the information that third-party code or analytics collect within your mobile app.
- Disclose personal information and data you intend to share with third parties such as service providers, advertising networks, and companies who provide analytics.
- If you share personal information and data with third parties, disclose how those third parties will use it.
- Use icons to communicate important data collection practices at a glance.
- Disclose all information that you collect when the app is not in use.
- Make sure that your app encrypts personal information before transmitting and storing it.
1. Always follow the Clear and Conspicuous guidelines.
Before your mobile app accesses sensitive information from users you should provide a just-in-time disclosure and obtain their affirmative express consent. Such information includes a user's geolocation, photos, videos, audio recordings, and contacts or friend lists. This gives your users a chance to make a choice before such information is collected automatically.
The original post shows a sample just-in-time disclosure used by Nissan as a screenshot (not reproduced here).
The Federal Trade Commission (FTC) suggests that if you are collecting geolocation data from users, you…
- Make it obvious when a user's location is being tracked while the mobile app is not in use.
- Give users the option of not allowing or turning off continuous geolocation tracking.
- Provide users with a just-in-time disclosure and get express consent if you share geolocation data with third parties.
- Make all disclosures clear and understandable, avoiding overly complicated technical and legal language, so that an average person can understand them.
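The two practices above that can actually be enforced in code are (a) collecting only the fields disclosed in your notice and only after express consent for sensitive categories such as geolocation, with an opt-out that stops collection, and (b) disposing of data once its retention period has passed. The following is an added example written for this page, not code from the FTC or from the original post. The inventory, field names, partner names, and retention periods are hypothetical and exist only to illustrate the gate.

```python
"""Consent- and inventory-gated collection of personal data (added example).

The INVENTORY below is a hypothetical stand-in for the app's privacy notice:
any field not listed is refused at collection time, sensitive fields need an
affirmative consent record from a just-in-time prompt, sharing is allowed only
with partners named for that field, and records are purged after retention.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class FieldPolicy:
    purpose: str
    sensitive: bool                      # geolocation, photos, contacts, ...
    retention_days: int
    shared_with: frozenset = frozenset()  # third parties named in the notice


# Hypothetical data inventory mirroring a privacy notice (constructed sample).
INVENTORY: Dict[str, FieldPolicy] = {
    "email": FieldPolicy("account login", False, 365),
    "geolocation": FieldPolicy("nearby store finder", True, 7,
                               frozenset({"maps-vendor"})),
    "contacts": FieldPolicy("friend invites", True, 1),
}


@dataclass
class Record:
    user: str
    name: str
    value: object
    collected_at: datetime


class ConsentError(PermissionError):
    """Raised when collection or sharing would violate the notice or consent."""


class PrivacyGate:
    def __init__(self, inventory: Dict[str, FieldPolicy]):
        self.inventory = inventory
        # (user, field) -> True while consent is in force, False after opt-out
        self._consent: Dict[Tuple[str, str], bool] = {}
        self.store: List[Record] = []

    def record_consent(self, user: str, name: str, granted: bool) -> None:
        """Record the user's choice from a just-in-time prompt (or an opt-out)."""
        if name not in self.inventory:
            raise ConsentError(f"{name!r} is not in the disclosed inventory")
        self._consent[(user, name)] = granted

    def has_consent(self, user: str, name: str) -> bool:
        return self._consent.get((user, name), False)

    def collect(self, user: str, name: str, value, now: datetime) -> Record:
        """Accept a value only if it is disclosed and, if sensitive, consented to."""
        policy = self.inventory.get(name)
        if policy is None:
            raise ConsentError(f"{name!r} is not disclosed; refusing to collect")
        if policy.sensitive and not self.has_consent(user, name):
            raise ConsentError(f"no express consent from {user!r} for {name!r}")
        rec = Record(user, name, value, now)
        self.store.append(rec)
        return rec

    def share(self, user: str, name: str, partner: str) -> List[Record]:
        """Release records to a partner only if the notice names that partner."""
        policy = self.inventory.get(name)
        if policy is None or partner not in policy.shared_with:
            raise ConsentError(f"sharing {name!r} with {partner!r} was not disclosed")
        if policy.sensitive and not self.has_consent(user, name):
            raise ConsentError(f"no consent from {user!r} to share {name!r}")
        return [r for r in self.store if r.user == user and r.name == name]

    def purge_expired(self, now: datetime) -> int:
        """Delete records older than their field's retention period; return count."""
        keep, dropped = [], 0
        for r in self.store:
            limit = timedelta(days=self.inventory[r.name].retention_days)
            if now - r.collected_at > limit:
                dropped += 1
            else:
                keep.append(r)
        self.store = keep
        return dropped
```

The point of routing every write through `collect` is that the privacy notice becomes an enforced allowlist rather than a document that drifts away from what the code actually does; an analytics SDK or ad network that wants a field must be added to `INVENTORY` (and to the notice) before it can receive it.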
The Clear and Conspicuous regulations apply to mobile apps
Privacy policies, disclaimers, and other disclosures are required by law to be displayed in your mobile app in a clear and conspicuous place that users will notice. Links to these documents should use a font at least the same size as the surrounding text and links, preferably in a contrasting color or a larger font.
The Clear and Conspicuous rule can be distilled down to this: a disclosure must be easy for an ordinary user to notice and easy to understand.
Avoid Free Privacy Policies and Generators