Industry Group Releases Mobile Application Draft Self-Regulatory Privacy Framework

The Telecommunications Law Resource Center is the most comprehensive reference and news platform for communications law, covering broadcasting, cable, broadband, telephony and wireless;...

Draft mobile application privacy policy guidelines released by the Mobile Marketing Association (MMA) Oct. 17 would require mobile application developers to provide notice to consumers about the types of information collected by mobile apps, along with mechanisms for opting out of information collection.

MMA, a global mobile marketing trade association, announced in December 2010 that it intended to develop mobile privacy principles.

The “Mobile Application Privacy Policy Framework” will fill an “urgent need” for mobile marketing companies, MMA Global Chief Executive Officer Greg Stuart said in the association's Oct. 17 statement. The association explained that the goal for its guidelines is “to encourage the mobile application developer community to continue to move consumer privacy interests forward.”

MMA's Privacy and Advocacy Committee created the guidelines in response to the rapid increase in the popularity of mobile applications. According to MMA, many organizations participated in the drafting of the framework, including AT&T Adworks, Microsoft, Sprint-Nextel, and Verizon Wireless.

The public comment period on the draft framework closes Nov. 18.

‘Clear and Transparent Policy Language.'

The draft framework provides suggested privacy policy language for mobile application developers “in clear and transparent policy language that can be quickly and completely understood by the consumer,” Stuart said.

However, given the range of privacy issues and data processes of mobile applications, companies should only use the policy as a starting point and should tailor it to their own needs and jurisdictional requirements, MMA said.

The major areas covered by the proposed policy language include:

  • what types of information the application collects and uses,
  • whether the application collects “precise real-time location information,”
  • whether third parties can view or gain access to the information collected,
  • what a user's opt-out rights are,
  • what the company's data retention policy is,
  • whether the application and the developer's privacy practice comply with the Children's Online Privacy Protection Act,
  • what a developer's security procedures are, and
  • when and how the developer will notify users of changes to its privacy policy.

Notably, the guidelines suggest that developers provide opt-out mechanisms, such as opting out of all information collection, opting out of information collection for third-party advertisers, and opting out of the collection of location data. They also encourage developers to determine if the advertising networks or third parties they are working with offer an opt-out.

The framework additionally directs developers to obtain a user's prior consent before collecting information from and/or for social media websites.

MMA said it intends to finalize and release the privacy policy framework after the comment period closes.

“With more than 58% of U.S. mobile users worried that their data can be easily accessed by others, a privacy policy that helps establish and maintain consumer trust is absolutely essential[,]” Alan Chapell, co-chair of MMA's Privacy & Advocacy Committee, said in the Oct. 17 statement.

The proposed “Mobile Application Privacy Policy Framework” is available after registering at http://www.mmaglobal.com/MMA_Mobile_Application_Privacy_Policy_18Oct2011.pdf.