Saturday, February 2, 2013

The link between privacy and analytics gets stronger still: FTC moves to establish policy and best practices in today’s mobile “Wild West”

As federal and state regulatory agencies become increasingly assertive in defining and enforcing app user rights, application analytics (like PreEmptive Analytics) that embed opt-in policy enforcement and limit data access and ownership are becoming increasingly strategic (and essential) to development organizations.

Today, in a strong move to protect American privacy, the Federal Trade Commission published the report Mobile Privacy Disclosures: Building Trust Through Transparency (PDF). For those that don’t want to read the entire report, checkout the coverage in the NY Times: F.T.C. Suggests Privacy Guidelines for Mobile Apps for a nice overview (not sure how long that link will be live though).

The take away from my perspective is this – while app marketplaces like Apple and Google and advertising services like Flurry continue to fall under increasing scrutiny, the app developer is no longer flying under the radar or going to be given a pass for not understanding the rapidly emerging policies, recommended practices and general principles.

From the referenced NY Times article above…

“We‘ve been looking at privacy issues for decades,” said Jon Leibowitz, the F.T.C. chairman. “But this is necessary because so much commerce is moving to mobile, and many of the rules and practices in the mobile space are sort of like the Wild West.”

and...

The F.T.C. also has its sights on thousands of small businesses that create apps that smartphone users can download for a specific service. The introduction of the iPhone created a sort of gold rush among start-ups to create apps featuring games, music, maps and consumer services like shopping and social networking.

“This says if you’re outside the recommended behavior, you’re at a higher risk of enforcement action,” said Mary Ellen Callahan, a partner at Jenner & Block and former chief privacy officer for the Department of Homeland Security.

Even before this report, “the F.T.C. has not been meek,” said Lisa J. Sotto, managing partner of Hunton & Williams in New York. “They have brought a number of enforcement actions,” she said. “Those in the mobile ecosystem know they’re in the regulators’ sights.”

…but do app developers really know?

In an earlier post of mine, COPPAesthetics: form follows function yet again, I lay out in more detail both the privacy concepts that the FTC are developing and the technical and functional capabilities (and business models) that distinguish application analytics from the other analytics categories out there. These features include opt-in policy enforcement (for both regular usage and exception handling), encryption on the wire, greater control of data collection and more…

COPPA is a much more formal set of requirements to protect children with severe sentencing guidelines and a growing set of precedents where app developers are being fined with increasing regularity

– BUT there is little doubt that the FTC is not limiting itself to children’s rights – in its latest report, the FTC recommends that:

“App developers should provide just-in-time disclosures and obtain affirmative express consent when collecting sensitive information outside the platform’s API, such as financial, health, or children’s data or sharing sensitive data with third parties.” (Page 29 of the report)

If you’re building mobile apps or services that support mobile apps and have been “getting by” using marketplace and marketing analytics services to get user and app usage feedback – be very careful – expect these services to become more and more restrictive – (even dropping apps that appear to be too risky). They will (rightly so) limit their data collection to fall within (and probably well within) regulatory constraints leaving developers to operate their apps “in the dark.” (or assume the risk of non-compliance)

Again from the NY Times article: “Morgan Reed, executive director of the Association for Competitive Technology, a trade group representing app developers, said that the organization generally supported the commission’s report but that it had some concerns about what he called “unintended consequences.” If app stores are worried about their own liability over whether they have adequately checked the privacy protections of a mobile app they sell, they might err on the side of caution and not screen for privacy at all, he said.”

App developers are welcome to collect runtime data necessary to operate (and improve) their applications (see my COPPA post for more clarity here) – collecting data usually only becomes an issue when that data is shared or used for other purposes or by other parties – and that is at the heart of application analytics and what distinguishes it from its peers. 

Application analytics is all about improving application quality, ensuring operational excellence and delivering a superlative user experience – there is no ulterior motive or agenda.