Mobile apps and consumers' expectations of privacy are not always in sync. But now the government is on the case. The US National Telecommunications and Information Administration (NTIA), part of the Commerce Department, has finished working on the first version of a voluntary national "privacy code of conduct" for mobile apps. The NTIA has been working on the code of conduct for over a year, and has written (and rewritten) numerous drafts, trying to balance the input of industry players including AT&T and the Internet Commerce Coalition (which represents AOL and eBay among others), with privacy groups, such as the Electronic Frontier Foundation and the American Civil Liberties Union. But now, it has finally managed to come up with a draft that it says should satisfy all sides, while also helping protect consumer privacy.
The code of conduct is, again, strictly voluntary and not enforced under any laws, so it's up to app developers and ecosystems to adopt it at their will. But the NTIA is hopeful that they will in short order. "We encourage all the companies that participated in the discussion to move forward to test the code with their consumers," said NTIA Administrator Lawrence E. Strickling in a statement published online last night, just after the agency voted in favor of the latest draft. Major app stores including Google's and Apple's haven't said they will implement it yet, though.
Of course, numerous apps and app ecosystems already have their own privacy policies, which few of us actually take the time to read, so what good will a national one do? Actually, the NTIA recognizes this problem, and part of its main objective with this code is to provide a simpler solution. The NTIA's main innovation is something it calls a "short notice," which it wants app makers to provide for all users prior to download or purchase. Here's an example of what it would look like on a smartphone screen, courtesy of the ACLU:
The NTIA says the short notice should contain four main pieces of information for consumers: 1) the types of data the app collects from users and transmits off the device, 2) where to find the longer privacy policy, 3) what third-party companies or organizations the app shares user data with, and 4) the actual company responsible for each app. The government says in all the above cases, "data collection" occurs "only if transmitted off of the device," so apps that store user data locally without backing it up to a server would be exempt from the code.
As far as specific types of data collected, the NTIA's code of conduct says there are eight different categories that app makers should tell users about, if applicable: biometric information, browser history, phone or text logs (meaning the phone calls and texts sent or received), financial information, health information, location, and "user files," which the government defines as "files stored on the device that contain your content, such as calendar, photos, text, or video." It's unclear for now just which companies, if any, will begin implementing the code, and if any changes will be immediately visible to consumers, but for now at least, the ACLU and Online Publishers Association, which includes many major media companies, are applauding the move. Read the full finalized NTIA app privacy code of conduct on the organization's website, and see the previous drafts here (scroll down).