[as prepared for delivery]
The FTC is tasked with protecting consumer privacy and ensuring transparency in the marketplace, so it is critical that we keep pace with technological developments that implicate privacy issues. Nowhere is this more evident than in the mobile environment.
Today we are taking action on three fronts to protect consumer privacy on mobile devices: (1) a case against Path, a social networking app that we believe unlawfully collected personal information; (2) a report calling for better privacy disclosures on mobile devices; and (3) new small business education materials for app developers.
As all of us know, we are in the midst of a mobile revolution. In just the fourth quarter of 2012, consumers worldwide bought approximately 217 million smartphones. These devices provide enormous benefits. In a typical day, we use our smartphones to read the latest news, email or text our friends and family, post status updates on social networks, find nearby movie theaters and buy tickets to the latest release, and even pay for a cup of coffee.
At the same time, mobile technology presents unique privacy challenges. My mobile device is personal to me, usually turned on, and almost always with me. It can easily be used to track my location and build a detailed profile of my movements over time. And in the complicated mobile ecosystem, multiple companies may have access to my information, including wireless providers, mobile operating systems, handset manufacturers, application developers, analytics companies, and advertisers. All of this can leave us wondering whether and how our privacy interests are being protected.
Law enforcement remains central to our consumer protection mission. Today we announce a complaint and settlement against Path, a social networking app that accessed users’ contacts without permission.
Path is used by millions of Americans to share personal journals with a network of up to 150 friends. In its version for Apple devices, Path offered a “Find Friends” feature that provided users with the option of adding friends to their network. However, even if the user did not select that option, Path automatically collected and stored personal information from the user’s mobile device address book. This practice, we believe, was deceptive and violated the FTC Act.
We also believe that Path collected information from children under 13 without obtaining parental consent, in violation of the Children’s Online Privacy Protection Act. Path agreed to pay an 800,000 dollar civil penalty. Just as we did with Google, Facebook, and MySpace, we are requiring the company to implement a comprehensive privacy program and obtain outside audits.
The FTC has had a policy function since the agency was created 99 years ago in 1914. So on the policy side, we are releasing a report that makes recommendations for how app stores, app developers, advertisers, and analytics companies can convey critical privacy information to consumers on mobile devices.
Let me highlight some key recommendations. The report urges platforms like Apple, Google, Microsoft, and Blackberry to provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation; some companies do this already. The report also encourages these platforms to promote best practices among app developers and to offer a Do Not Track mechanism for smartphone users.
In addition, the report urges app developers to disclose their privacy practices and obtain affirmative express consent from consumers before sharing sensitive data with ad networks and other third parties.
To their credit, many companies -- including some app developer trade associations and platforms -- have already begun addressing these issues. We applaud their ongoing efforts. The Department of Commerce is also in the midst of a multi-stakeholder process to develop a code of conduct on mobile transparency, and we hope that our report will provide useful input for stakeholders developing guidance in this area.
Third, education remains a vital complement to our enforcement and policy work. That is particularly true in the app space, where we’ve found that a number of small developers are rushing to get their cool new technologies out to the public, but not practicing privacy by design -- perhaps because they don’t know about their obligations to consumers. To address this issue, we have a new publication for app developers, which provides tips on how to safeguard consumers’ information.
Although our announcement today involves business models and technology that have seen recent explosive growth, the principles underlying our work – transparency, truthfulness, and robust security -- are the same ones that have driven our approach to privacy for decades. These principles are universal and uncontroversial: Tell consumers what you’re doing with their data. Don’t mislead them. And once you have their data, be responsible stewards; safeguard that data from hackers, identity thieves, and other malefactors.
Some companies are doing a good job following these principles and protecting consumer privacy, but if other companies don’t wake up and do better, industry is more likely to face more proscriptive laws down the road. And not very far down the road, because privacy is a bipartisan issue.
A core part of our consumer protection work involves notice and disclosure, but these principles apply equally in the FTC’s work promoting competition. Today the FTC, along with the Department of Justice, will file with the Patent and Trademark Office a comment supporting PTO’s efforts to improve the disclosure of information relating to the true, controlling owner of patents.
The absence of this information can leave businesses in the dark about the real costs of alternative technologies and could allow patent holders -- sometimes called patent trolls -- to extract royalties for their patents in excess of their real market value. That’s called “patent hold-up” and it raises the cost of technology to all Americans. The disclosure of this information will make markets function more effectively and more transparently, benefiting consumers and businesses alike. This joint filing with the DOJ is a real testament to the leadership of Bill Baer, Assistant Attorney General for Antitrust, and to the close and collaborative relationship between our agency and the Antitrust Division.
These initiatives are really just in a typical day’s work at the FTC. It’s one of the reasons I will miss this agency and its dedicated, smart, collegial and consensus-driven staff -- and members.
Book/CDs by Michael E. Eidenmuller, Published by McGraw-Hill (2008)
See also: FTC 203 Mobile Privacy Report and Recommendations.pdf
Text Source: ftc.gov
Page Updated: 4/18/19
U.S. Copyright Status: Text and Image = Public domain.