Open Source Code Gives Data Collection, Use Notifications for Consumers
Open source code for app developers released Wednesday aims to give users easy-to-read, just-in-time notifications on data collection and data use, said Application Developers Alliance Vice President-Law Policy and Government Affairs Tim Sparapani in an interview. “It literally boils the ocean down to what we think is truly critical information for consumers,” he said. “Like looking at an ingredient list.”
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The alliance developed the code (http://bit.ly/1sXodab) with Intuit as a follow-up to the NTIA-backed mobile privacy code of conduct (CD July 29 p8), said Barb Lawler, Intuit chief privacy officer in an interview. She said the code can be dropped into an app’s code so the notifications pop up in a variety of places -- before or after download, when the app is launched, or in the middle of using the app (http://bit.ly/Uq9lT4). It’s the first tangible product developed with the code’s principles in mind, Lawler said. Sparapani added: “It shows that the multistakeholder process ... can yield tremendous victories on privacy for consumers."
Intuit and the alliance fielded input from privacy and consumer advocates -- the World Privacy Forum, Consumer Action, the American Civil Liberties Union and the Future of Privacy Forum. “This was a rare example where a group of parties on all sides of the line came together,” said WPF Executive Director Pam Dixon in an interview. Dixon said WPF “really dug our heels in on the drafting” to ensure the notifications included whether an app shared health data and whether it shared any information with data brokers. “I'm really, really pleased about it,” she said. The consumer advocate groups “are the litmus test for what the most interested consumers are going to be looking for,” Sparapani told us.
An opt-out feature was tested and dismissed during development, Lawler said. “We thought a lot about that question,” she said. The variability of operating systems made an opt-out technically difficult to incorporate into the code, said Lawler. “In the future, that might be something interesting to experiment with,” she said. The group agreed “it was critical first and foremost” to provide users with data privacy notifications “in line with what the code of conduct requires,” said Lawler. Tackling opt-out would require getting “everyone back in the room,” not an easy task, Dixon said.
The FTC has repeatedly asked industry to develop its own privacy and consumer awareness protections. The FTC’s 2012 privacy report (http://1.usa.gov/1cPhLc0) said “the commission calls on companies providing mobile services to work toward improved privacy protections, including the development of short, meaningful disclosures.” This code “is exactly that,” Sparapani said. “I do hope they encourage industry to use it,” Dixon said. The group didn’t have any interaction with the FTC while developing the code, Sparapani said. The FTC did not comment. “It is important when there is leadership shown on privacy,” Sparapani said, “that the FTC acknowledge that leadership, recognize how the ball has been advanced for consumers and find a way of trumpeting those consumer gains."
Sparapani believes the code’s “ease of execution” will push apps to compete on privacy and enable small developers to match large companies on privacy notifications. The code is also the first portion of “an interesting larger discussion” as mobile devices morph and integrate into the Internet of Things, Lawler said. “What does transparency mean when you have a device that may not have a screen at all?” she asked. “That could be everything from audio cues, hand cues, to other visual cues,” she said. “When we're thinking about those kind of devices, we need to think globally.”