One possible user interface implementation of the new code of conduct
Mobile apps are the wild west of software, but there's a new sheriff in town -- if you're in the U.S., that is. It's a voluntary sheriff, in the form of an optional code of conduct whose testing by signatories was announced this week by the National Telecommunications and Information Administration (NTIA).
The new code requires signatories to tell users exactly what information they are collecting and with whom they are sharing the data. It is the result of more than a year of negotiation between industry, trade associations and consumer organizations under the direction of the U.S. Department of Commerce. The American Civil Liberties Union (ACLU), a leading supporter of consumer privacy, said in a statement that the code was a "modest but important step forward for consumer privacy," in that it allows applications to compete on privacy friendliness.
Biometrics, Browser History
However, the ACLU said that the year it took to come up with this single measure "makes it clear that we need comprehensive privacy legislation in order to gain meaningful privacy protections for consumers."
All companies and other organizations that sign onto the code will be required to disclose data that is collected in biometrics, browser history, phone or text logs, contacts, financial information, health, medical or therapy information, current or past location data, and such user files as photos or videos.
Biometrics could become a major new battlefield in mobile privacy, given reports that Apple may release a fingerprint scanner for its products, as well as other companies' interest in body measurement identification. The new code covers information about your body, such as fingerprints, facial recognition, signatures or voiceprints.
Signatories will also reveal whether they are sharing any of the disclosed information with such entities as ad networks, carriers, consumer data resellers, data analytics providers, government entities, operating systems and platforms, other apps or social networks.
While government entities are covered, the ACLU notes that there is not currently a clear understanding of the scope of the U.S. National Security Agency’s data collection, the subject of much media and political attention in the last few months, not to mention the fact that many companies required to disclose information by the NSA are not free to discuss their involvement.
In the wake of a variety of reports of surreptitious collection of data by mobile apps, the U.S. Federal Trade Commission (FTC) released a report in February that recommended new privacy standards and practices, including voluntary initiatives by the industry.
Shortly before the release of the report, "Mobile Privacy Disclosures -- Building Trust through Transparency," the FTC had imposed a US$800,000 penalty on a company called Path, which had released a social networking app for journal creation and sharing. Without users' permission, Path had violated federal law by collecting personal data from children under 13 years of age without parental consent.