TrustArc Blog

Mobile App Developers: Know Your Data

August 31, 2011

Joanne Furtsch, CIPP, CIPP/C
Policy & Product Architect
@privacygeek

Mobile app technology and business models are rapidly evolving. In the race to build the next great mobile app, developers need to take the time to understand what data they’re collecting through their app and what legal and privacy obligations that data may entail.

In the fall of 2010 TRUSTe launched a mobile app privacy certification. Part of our app certification process includes the creation of a mobile-friendly privacy policy (you can see an example of such a policy in Yelp’s iPhone app, which is TRUSTe-certified).

Incorporating privacy-by-design into the development of mobile applications is a lot cheaper and more efficient than the alternative: privacy-by-disaster. Consider the case of mobile app developer W3 Innovations, LLC, which earlier this month settled FTC charges that the company violated the Children’s Online Privacy Protection Act (COPPA). The problem? Their mobile apps were collecting the email addresses and names of children under 13 without first obtaining their parents’ consent (as required by COPPA).

COPPA is just one example where data (in this case, the data of users under 13 years of age) can carry legal privacy obligations. Even data that does not carry legal protections deserves developers’ attention because users may consider it sensitive. In short: know your data. Understand what you collect, who you share it with, and what control users have over their data. Having a privacy policy is only a starting point: the process of mapping out your privacy practices in text will give you a better idea of where you have potential privacy deficiencies that need to be fixed. Sharing mobile app user information with third parties without first providing users with meaningful notice and choice over the practice will never have good results (just ask Pandora).