Friday, July 26, 2013

National app privacy code of conduct released by the US (and it's only 6 pages... Well the short form is anyway...)

The Verge - US government announces first national app privacy code of conduct

Mobile apps and consumers' expectations of privacy are not always in sync. But now the government is on the case. The US National Telecommunications and Information Administration (NTIA), part of the Commerce Department, has finished working on the first version of a voluntary national "privacy code of conduct" for mobile apps. The NTIA has been working on the code of conduct for over a year, and written (and rewritten) numerous drafts, trying to balance the input of industry players including AT&T and the Internet Commerce Coalition (which represents AOL and eBay among others), with privacy groups, such as the Electronic Frontier Foundation and the American Civil Liberties Union. But now, it has finally managed to come up with a draft that it says should satisfy all sides, while also helping protect consumer privacy.

The code of conduct is, again, strictly voluntary and not enforced under any laws, so it's up to app developers and ecosystems to adopt it at their will. But the NTIA is hopeful that they will in short order...


I. Preamble: Principles Underlying the Code of Conduct

Below is a voluntary Code of Conduct for mobile application (“app”) short notices developed through the Multi-Stakeholder Process on Application Transparency convened by the United States Department of Commerce. The purpose of the short form notices is to provide consumers enhanced transparency about the data collection and sharing practices of apps that consumers use. This code does not apply to software that a consumer does not interact directly with or to inherent functions of the device. This code also does not apply to apps that are solely provided to or sold to enterprises for use within those businesses.

This Code of Conduct incorporates guidance from privacy, civil liberties, and consumer advocates, app developers, app publishers, and other entities across the mobile ecosystem. The transparency created by displaying information about application practices in a consistent way as set forth in this code is intended to help consumers compare and contrast data practices of apps. These short notices seek to enhance consumer trust in app information practices without discouraging innovation in mobile app notice or interfering with or undermining the consumer’s experience.  

This preamble explains the goals of the Code of Conduct and provides some guidance to developers regarding implementation. However, it does not impose operational requirements beyond those set forth in Sections II., III., and IV. below.   

Where practicable, app developers are encouraged to provide consumers with access to the short notice prior to download or purchase of the app.   When appropriate, some app developers may elect to offer short form notice in multiple languages.  

App developers should be aware that there are other Fair Information Practices (FIPs) beyond transparency; app developers are encouraged to adhere to the full set of FIPs.    This Code of Conduct addresses short form notices about collection and sharing of consumer information with third parties. App developers should be aware that California’s Online Privacy Protection Act and other privacy laws may also require app developers to post a long form privacy policy...


I so want to insert something snarky, but I'm frankly tired of that (well I'm never tired of being snarky, but the PRISM, NSA, Kinect is a spy, tin foil hat, omg my cat's going to kill me in my sleep, yada, yada, stuff). Anyway, it's good to see some active guidance that looks reasonable and actionable...
