Privacy versus data and building consumer trust
The way we define the term privacy is subjective. In the United States, we police privacy based on a very broad definition under Section 5 of the Federal Trade Commission Act that prohibits “unfair or deceptive acts or practices in or affecting commerce.” The devil is in the policy details.
If the news headlines over the past few months are any indication, we are mighty confused with what to call private and what to call public, what to sanction and what not to sanction. How can we start to solve small-screen privacy when we have not solved our digital angst on the desktop?
Jules Polonetsky, director of the Future of Privacy Forum, says that when the browser invariably crashes it pops up a commiserating dialogue box asking you permission to send the diagnostic report to the browser company anonymously to help them fix bugs and build a better browser.
Faced with this privacy brief, only 3 percent of users click “Yes.”
Is it because we are digital immigrates? Our children happily offer data everyday about personal activity without hesitation.
Is the challenge simplifying the legal narrative to allow consumers to make an informed decision without interrupting their next click on the small screen? It seems an improbable feat.
In March, the Federal Trade Commission issued a report on best practices for businesses collecting personal data called “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers.”
The FTC, which is taking a proactive lead on privacy in the beltway, seems cognizant that it needs to create a flexible framework to best interpret what is unfair or deceptive in Section 5 of the Federal Trade Commission Act.
It seems easy when privacy is not an issue.
The FTC can challenge a mobile application such as “Acne Pwner” that promised acne removal by providing blue and red light treatments on the phone.
Acne Pwner used deceptive statements to drive 11,600 downloads from the iTunes store, where it was sold for $1.99.
But even with privacy issues, there are clear-cut cases.
File-sharing services such as the FrostWire app presented unfair design when it sets its default to share all pictures on the phone with others.
The FTC accused FrostWire of disregarding the privacy of its users by not making it clear enough that their files are publicly shared.
However, the lines are blurred for many apps and mobile Web services.
I was in Washington on April 24 at a Mobile Entertainment Forum privacy summit with the FTC, Federal Reserve and other key stakeholders to discuss how the industry can build on these guidelines and further clarify how the industry can create transparency and build trust with the new digital consumer.
The FTC presented its findings and separately the group of industry stakeholders discussed steps to advance best practice. MEF discussed the need to:
2. Establish best practice and provide practical tools across the mobile value-chain built on the consumer’s informed consent.
Patricia Poss, chief of the mobile technology unit at the Bureau of Consumer Protection, explained that the bureau asks the following key questions when evaluating the integrity of an in-market app:
• Who collects what information?
• How is it used?
• With whom is it shared?
• Are consumers being adequately informed?
• Do the consumers have a choice?
Ms. Poss acknowledges that mobile provides unique challenges.
The phone is a data collector. It has a camera, microphone, gyroscope, compass and location features.
This data is collected on a small screen on the go in an impulse manner. The phone is social by design and so makes sharing information seem natural and easy.
Rules to build by
As a developer, limit collection of data to what you need and purge what you do not.
But, most importantly, Ms. Poss says to establish short, meaningful disclosures to the consumer. Aim for:
• Privacy by design
• Simplified choice
• Greater transparency
The challenge for the industry is taking the FTC’s insights and interpreting them in a way that drives trust, not trepidation.
Many acknowledge that privacy policies are written to avoid a run-in with the FTC, not with the end-consumer in mind.
How can we hope to advance consumer trust in commerce and content apps by wordsmithing lengthy legalspeak on a small screen with a consumer on the run?
Is the dilemma solved by:
• not disclosing (CarrierIQ)
• showing a value exchange (foursquare)
• simplifying and standardizing (Google)
In many cases we may have less of a problem if we stop calling this a “privacy discussion.”
We have to help the consumer simply draw that comfort line of private versus public.
Please click here to read the FTC document, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers”