FTC Report Says App Developers Need Privacy Policies

Take a look at some interesting data on the need for app developers to provide their app users with privacy policies from the Federal Trade Commission:

A June 2012 study of 150 of the most popular app developers across three leading platforms – Apple’s iTunes app store, Google’s Play app store, and Amazon’s Kindle Fire app store – reveals how much more work needs to take place. See Future of Privacy Forum, FPF Mobile Apps Study (June 2012). For example, the study found that only 28% of paid apps and 48% of free apps available in Apple’s iTunes app store included a privacy policy or link to a privacy policy on the app promotion page.

The top apps in Google’s Play store fared even worse. There, only 12% of paid apps and 20% of free apps examined provided access to a privacy policy through the app store. The Commission staff’s kids app reports reached similar conclusions, noting the paucity of information provided to parents before they or their children downloaded popular children’s apps. See FTC Staff, Mobile Apps for Kids: Current Privacy Disclosures are Disappointing, supra note 28, at 1; FTC Staff, Mobile Apps for Kids: Disclosures Still Not Making the Grade, supra note 33, at 4-6. Oddly enough, free privacy policies are available online that comply with all the rules from the FTC, Google Play, Apple and others.

To address this problem, the California Attorney General recently sent warning letters to 100 app developers notifying them that they are not in compliance with California law, which requires the posting of a privacy policy. The developers were given thirty days to conspicuously post a privacy policy within their app that informs users of what personally identifiable information about them is being collected and what will be done with that private information. See Press Release, Office of the Attorney General of California, Attorney General Kamala D. Harris Notifies Mobile App Developers of Non-Compliance with California Privacy Law (Oct. 30, 2012). In addition, the California AG has sued Delta Airlines, one of the recipients of the warning letter.

So if you want to start causing problems with California, the FTC, Google Play, Apple and your potential and current customers, don’t worry about providing a privacy policy. For the rest of you app developers who want to stay in business for a while, contact freeprivacypolicy.com for a free, zero-obligation privacy policy. 

Most of the information in this article is found in the Federal Trade Commission’s 2013 Report on Privacy Policies that you can read here.

Mobile App Developers Need Privacy Policies Too

For most app developers, privacy policies are usually an afterthought in the mobile app development process.

App developers usually end up creating it after the app’s design and development are done. This legal safeguarding may seem like a last-minute addition that doesn’t merit much thought, but it may be the most important component of your entire business.

Privacy Policies are not all alike, and there are numerous ways that a missing clause or a mismatch between your legal documents and your app itself can cause catastrophic problems. Quite a few ubiquitous and successful mobile apps have run into massive legal headaches and astronomical fines due to flaws in their privacy policy and a failure to integrate and unify their legal protection with the “private parts” of their app architecture.

In 2013, social app Path was fined nearly 1 million dollars by the FTC (Federal Trade Commission) for privacy violations. The $800,000 penalty stemmed from two lethal mistakes made by the app:

  1. Storing third-party names and numbers from their users’ address books without proper disclosure;
  2. Failing to comply with the provisions of COPPA, a law that applies to every app that knowingly collects information from children.

This means that if you extract phone contacts from your users, not only must you notify them, you must also explain within the app’s privacy policy how and why the information is used. If you collect users’ birth dates, you can likely figure out if children are using your app and do something about it. You essentially have two legal avenues: comply with COPPA or make sure users represent that they’re over 13 years old.

But there’s more. The FTC published a long document with recommendations for app developers and even platform-specific advisement for big platforms like Android and iOS. The FTC wants app developers to use a (relatively) new approach called Privacy by Design. Companies should build in privacy at every stage in developing their products. This means a number of things:

  • Before building an app or a feature, think of the privacy implications;
  • If you collect information, protect it. Follow the security recommendations of the FTC (with special attention to the third-party software you used) and be careful not to over-promise or make generic reassuring statements;
  • Keep your policy updated! Every time you roll out a new update to the app store, stop for a second and think if you added something that has an impact on your privacy statements. Added a new analytic script? It should go in there. Added “find friends via Facebook”? Go and edit your privacy policy.

There are known best practices—some of them coming from the California Attorney General—to give you some legal protection and prevent problems, privacy breaches, and lawsuits. But this is what the FTC actually says that developers should do.

You must have a privacy policy and it must be accessible from the app store.

The simplest way to accomplish this is to link the policy when you submit the app. But this means the privacy policy should live on your website. And although what I have to say now is another article altogether, you must keep the site that’s hosting your privacy policy free from hackers. PCI Compliant Vulnerability Scanning can help you with that. You could also provide the full text of the policy within the app, or a short statement describing the app’s privacy practices. Need a privacy policy from scratch? There are many online options including Professional Privacy Policy.com.

You should provide “just-in-time” disclosures and obtain affirmative express consent when collecting sensitive information from outside the platform’s API. You already know that iOS pops up a notification that a certain app is requesting access to the user’s location or other private data. In this case, the disclosure and the consent are taken care of by Apple. But your app might also collect other important data, and a pop-up notification is the best way to make sure the users know. The FTC names financial, health, or children’s data, but also a generic “sharing sensitive data with third parties” as sensitive private information, so it’s best to err on the side of caution.

Know the legal implications of the code you’re using.

It’s normal for app developers to use third-party packages, but you should make sure this code is secure and fully understand exactly what information it pulls, because you’re ultimately legally responsible for it. There’s a long list of questions to ask yourself, including:

  • Does this library or SDK have known security vulnerabilities?
  • Has it been tested in real-world settings?
  • Have other developers reported problems?

While Path’s $800K fine was in connection with COPPA violations, it’s the start of broader policing of privacy practices, even against non-American developers. If you cater to the American mobile market, you can still be fined by U.S. authorities. It’s time for app developers to get a properly written, constantly curated privacy policy. The FTC is encouraging the adoption of public standards and suggests tightened integration among app developers, trade associations, ad networks, and mobile platforms, so this is definitely a topic to keep on your radar. You wouldn’t want a legal problem to cripple your app right as it’s starting to soar.

Special Thanks to Veronica Picciafuoco and her article on SitePoint.com.

Need Customers? Get a Privacy Safe Seal!

Need More Customers? Consider getting a Privacy Safe Trust Seal!

If you have done an adequate job of getting people to visit your website and you’ve kept it safe and away from hackers, now it’s time to get those visitors to do what you want them to do! Whether you are selling frisbees, fans, forklifts, fabric, felines, Ferraris or fax machines, you are probably in business to make money. And the more people you can get to buy what you’re selling, the more money you will make.

It might not be about traffic anymore; it might be more about conversions. And why do people leave your check-out page and go somewhere else to do their shopping? Because they don’t know you and they are afraid that you might do something with their personal information that you are requesting from them. They’re afraid you’ll sell it or lose it or that a hacker will come along and steal their identity.

Having a trust seal like Trust Guard’s Privacy Safe seal will put your online visitors at ease. It will resolve their concerns about what might happen to their confidential information. When people feel comfortable with you – when they trust you – more of them will buy from you. With a privacy safe seal you’ll get more customers and make more money. That’s true for foreigners and farmers and everyone in between. So don’t be a fool, give privacy seals a try!

Need More Customers? Give Your Visitors Peace of Mind!

Face it. Online consumers (your potential customers) are afraid to buy from sites they don’t know.

If potential customers think your business might be a scam, preying on their need to get quality products at reasonable prices, they will leave as quickly as they arrived. And just as important as seeing that your website is secure is seeing that you will protect their privacy.

That’s where Free Privacy Policy comes in. Smart business owners show their visitors as quickly as possible that they are a business that cares about their visitors’ security and privacy. The website FreePrivacyPolicy.com gives business owners the opportunity to fill out a form that automatically creates a privacy policy for free! All users of this service need to do is copy and paste the personalized privacy policy onto their website.

Once your privacy policy is loaded, the next item of business is telling your visitors that you care about their privacy. This you can do by putting a link to your privacy policy in the header and/or footer of your website. You can also write a blog, press release or share links socially that take people straight to your policy. Writing content above the fold or at least on the front page or sidebar that says “We care about your privacy” with a link to your policy could also help increase your conversion rate and length of time visitors stay on your site.

The best way to show off your concern to keep your visitors’ information secure and confidential is through a privacy safe seal like the ones provided by Trust Guard. These images can be placed at strategic locations – like on your check-out page, right below the “Order Now” button – for visitors to see right before they make their final decision to buy or not to buy from you. They are extremely effective, very inexpensive, and usually come with a no-questions-asked 100% guarantee. Tons of tests have proven time and time again that conversion rates rise significantly when security and privacy seals like this are used appropriately. It just makes sense: when people see that you care, more of them will buy from you!

So go get your free privacy policy, then display your Privacy Safe Seal on your website, get more customers, and start increasing your online sales today.