Online companies may face action by Congress to toughen U.S. privacy standards if they don’t do a better job of protecting the privacy of mobile device users, Federal Trade Commission Chairman Jon Leibowitz said today.
If some companies “don’t wake up and do the right thing, my sense is that industry is far more likely to face much more prescriptive laws down the road,” Leibowitz, the outgoing FTC head, said on a conference call with reporters. “I don’t think that’s going to be very far down the road because privacy is the quintessential bipartisan issue in Congress.”
The FTC today released a set of mobile-privacy recommendations for application stores, such as those run by Apple Inc. and Google Inc., app developers and online advertising networks. FTC staff “strongly encourages” companies to adopt the non-binding guidelines, the agency said in a news release.
The growing popularity of mobile devices and apps that can, for example, track a user’s location and habits has prompted hearings and proposals by U.S. lawmakers for privacy legislation. Mobile application store revenue is expected to reach $74 billion in 2016, from $15 billion last year, according to technology research firm Gartner Inc.
The FTC report is reminder to industry that the agency is “on the case,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a Washington-based privacy group. At the same time, Chester said the report fell short by focusing on how companies disclose their data practices without looking at the broader issue of how they collect information from users.
“Consumers aren’t aware of the massive amounts of data scooped out of the mobile device that are used, analyzed and sold to the highest bidder,” Chester said.
The FTC also announced a settlement today with Path Inc., the developer of a mobile social-networking application, over complaints that it deceived consumers by collecting personal information from mobile address books.
As part of the settlement, Path will develop a comprehensive privacy program and submit to independent privacy assessments over the next 20 years, according to the FTC. The company will also pay $800,000 to settle charges that it illegally collected data from about 3,000 children without getting their parents’ consent. Path said in a blog post that it has since closed those accounts.
The FTC mobile-privacy report is one of the agency’s last actions under Leibowitz, who said that he will leave for the private sector by Feb. 15 after eight years at the commission.
The report contains guidelines for mobile “platforms” such as Apple and Google, recommending that they develop a dashboard for users to see the type of content accessed by apps they have downloaded; tell users to what extent they review apps before making them available; and offer a “do not track” mechanism to let consumers prevent tracking by ad networks and other third parties.
Apple spokesman Tom Neumayr declined to comment. Niki Fenwick, spokeswoman for Google, didn’t immediately respond to an email seeking comment.
The report says app developers should immediately get consumers’ consent before accessing and sharing sensitive information and do a better job of understanding how they integrate with ad networks to provide better disclosure to users about information that’s being collected.
“The Commission’s recommendation to make privacy policies a requirement for apps is a sensible step and one that ACT has been advocating to its members for some time,” Morgan Reed, executive director of the Association for Competitive Technology, a group representing 5,000 app developers and technology firms, said in an e-mail message.
Separate from the FTC, the U.S. Commerce Department is holding a series of meetings involving companies and consumer advocates to hammer out a voluntary code of conduct for informing users about the kinds of personal data their mobile applications collect and how the information is used.