The Federal Trade Commission (“FTC”) stated earlier this year in its final privacy report that it is going to focus legal enforcement efforts on privacy and data security law compliance in the mobile space. As a part of this enforcement initiative, the FTC recently published additional guidelines called “Marketing Your Mobile App: Get it Right From the Start” to help app developers comply with applicable privacy and marketing laws. The guidelines recommend that mobile app developers do the following:
1. Tell the Truth About What your App Can Do – If you make a claim that your app can do something (whether it be on the app, a website or elsewhere), you must have the proof to back up your claim.
2. Disclose Key Information Clearly and Conspicuously – Create clear and prominent privacy notices that users can easily view and understand.
3. Build Privacy Considerations in from the Start – Create app default settings that limit the information you collect, securely store the information you must store and securely dispose of the information you no longer need. Get opt-in consent for collecting information that users would not intuitively expect you to collect.
4. Be Transparent About your Data Practices – Clearly explain in your privacy notice what information your app collects and how you use and disclose this information
5. Offer Choices that are Easy to Find and Easy to Use – Build clear and conspicuous privacy settings, opt-outs and other user controls into your app that permit consumers to control how you collect, use and disclose their information.
6. Honor Your Privacy Promises – Live up to the promises in your privacy notice and on your app, and obtain consumer’s opt-in consent to any material changes you make to your privacy notice.
7. Protect Kids’ Privacy — If your app is designed for children, or if you knowingly collect personal information from children under 13, you may need to comply with the Children’s On-Line Privacy Protection Act.
8. Collect Sensitive Information only with Consent – Get opt-in consent from users before collecting any sensitive personal information (including without limitation, financial, medical, religious or certain precise geo-location information.)
9. Keep User Data Secure – Take reasonable precautions to keep data secure, including without limitation the following: (a) collect only the information you need; (b) secure the data you keep; (c) limit data access to a need-to-know basis; and (d) securely dispose of data you no longer need. And, make sure your contractors adhere to these same standards.
If you have any questions about how to comply with these FTC recommendations, please contact Helen Christakos at (650) 696-2545 or at hchristakos@carr-mcclellan.com.