Apple, Google consent to mobile app privacy accord

Tools

Apple (NASDAQ:AAPL) and Google (NASDAQ:GOOG) are among six leading technology firms that have agreed to expanded privacy protections for consumers who download mobile applications to their smartphones and tablets.

California Attorney General Kamala D. Harris announced Wednesday that Apple, Google, Amazon.com, Research In Motion (NASDAQ:RIMM), Microsoft (NASDAQ:MSFT) and Hewlett Packard have agreed to improved privacy principles that bring the mobile ecosystem in line with the California Online Privacy Protection Act, which requires operators of commercial web sites and online services--including mobile apps--that collect personally identifiable consumer data to post a privacy policy. The agreement guarantees consumers the opportunity to review an app's privacy policy prior to download rather than after, and will offer consumers a consistent location for an app's privacy policy on the device screen.

Developers who do not comply with their stated privacy policies can now be prosecuted under California's Unfair Competition Law and/or False Advertising Law. The agreement commits the six platform providers to educate developer partners about their obligations to respect consumer privacy and to disclose what private information they collect, how they use the information and with whom it is shared. The platforms also most offer tools for users to report non-compliant apps and implement processes to respond to customer concerns.

"This agreement strengthens the privacy protections of California consumers and of millions of people around the globe who use mobile apps," Harris said in a statement. "By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used." Harris will convene the six mobile platform providers in six months to assess their progress.

The announcement follows less than a month after Rep. Edward Markey (D-Mass.) released a discussion draft of the proposed Mobile Device Privacy Act, which would require disclosure of mobile phone monitoring software when a consumer buys a new device; if the carrier, manufacturer or operating system later installs monitoring tools; and if a consumer downloads an app containing monitoring software. The act also calls for disclosure on the type of subscriber data that is collected, the identity of the third party to which the information is transmitted and how the info will be used.

Last week, the Federal Trade Commission issued a staff report calling on Apple's App Store, Google's Android Market and their developer partners to provide parents with greater insight into the data collection practices of apps downloaded by their children. Noting that apps can automatically capture user data including precise geolocation, phone number, contacts, call logs and unique identifiers and other information stored on the device, the FTC states that the App Store offers almost no information about data collection and sharing, while Android Market supplies little beyond general permission statements on app promotion pages.

The FTC enforces the Children's Online Privacy Protection Rule, which requires operators of digital services (including mobile apps) to provide notice and secure parental consent prior to collecting information from children under 13. The FTC adds that over the next six months, staffers will conduct an additional review to determine whether some mobile apps are in violation of COPPA rules.

Apple recently announced it will upgrade its iOS platform so that developers can only access users' contact data after receiving explicit permission to do so. The move followed the revelation that mobile social networking app Path uploaded user address books to its servers without explicit consent. Path later apologized to users and said it will allow them to opt out of its contacts database.

In a statement, Google said it is pleased with the California AG agreement. "From the beginning, Android has had an industry-leading permissions system which informs consumers what data an app can access and requires user approval before installation," the statement reads. "Coupled with the principles announced by the attorney general, which we expect to complete in the coming weeks, consumers will have even more ways to make informed decisions when it comes to their privacy."

For more:
- read this release
- read this New York Times article

Related articles:
FTC to Apple, Google: Apps for kids must disclose data privacy practices
Amid privacy uproar, Apple promises to detail app permissions
Path admits mistake, allows users to opt out of contacts database
Path slammed for uploading users' mobile address books
Lawmaker Markey unveils Mobile Device Privacy Act