Shopping Apps Can Improve Data Use Practice Disclosure, FTC Report Says
Popular shopping apps often fail to provide information before download on how they manage payment disputes or consumer data, said an FTC report (http://1.usa.gov/1tCE5iT). “Consumers should be able to know what their potential liability is for unauthorized transactions ... before committing to use one of these services,” the FTC said. The survey of 121 apps also found that despite specific security promises, “most privacy policies used vague language that reserved broad rights to collect, use, and share consumer data.” If consumers are to compare, understand -- and ultimately trust -- mobile apps, companies should explicitly delineate their data collection, use and security practices, the FTC said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The report ignored consumer expectations and undervalued existing channels for consumer redress, said Carl Szabo, policy counsel for e-commerce trade group NetChoice. “The FTC report demonizes apps for collecting information that a user would expect,” he said. “The FTC should avoid activities that unnecessarily limit or frighten away this technology.” FTC Consumer Protection Bureau Director Jessica Rich said consumer expectations shouldn’t absolve app developers from the responsibility to disclose payment and consumer data practices. “Consumers should not be left in the dark about their potential liability for erroneous or unauthorized charges or about the way shopping apps handle their data,” she said.
It’s the second FTC report on mobile apps’ data privacy practices this year. The commission previously took heat from industry groups over its look into 12 popular mobile health apps (CD June 16 p11), which said the apps were sharing a trove of potentially sensitive information -- everything from email addresses to keywords such as “ovulation” -- with 76 third-party companies (CD May 8 p22). Industry groups criticized the report as narrow and lacking context.
Friday’s report targeted popular shopping apps, including price comparison apps, deal apps and in-store payment apps. The total sample size -- 121 apps across the Google Play store and iTunes App stores -- is roughly 10 times that of the previous study. “As mobile apps become more central to the shopping experience, it’s important that consumers have meaningful information about how those apps work before they download them,” said Rich. Of the Google Play store apps reviewed, 30 percent had been downloaded more than 5 million times; 62 percent had passed 1 million downloads.
Nearly half of the in-store purchase apps -- 14 of 30 -- “did not disclose whether they had any dispute resolution or liability limits policies prior to download,” the FTC said. Of the 16 that did disclose, it said only nine “offered any written protections for their users,” while seven “disclaimed all liability.” Mobile payment transactions “are generally not protected by the statutory and/or contractual liability limits that consumers might expect based on their traditional shopping experiences,” the report concluded. “Consumers should be able to learn about their rights and protections before using a service.” A sidebar within the report explains how federal law applies to various types of mobile payments.
Consumers have more legal protections than the report lets on, said NetChoice’s Szabo. “Mobile apps are just a new form of our ordinary commercial transactions,” he said. “Statutory protections already exist for consumer transactions, whether via mobile app, computer, telephone, or cash register.” NetChoice’s members include Google.
The vast majority of apps examined collect personal information like name, phone number and home and email address, the FTC said. “Many apps’ privacy policies revealed that other personal data -- such as a user’s Social Security number, driver’s license, location, date of birth, or gender -- also might be collected,” with location being the most common, said the report. It criticized privacy policies for using vague terms like “enhance” or “improve” to explain the reason for such collection, and for insisting such collection is “necessary to provide the service.” Szabo responded that when using shopping apps, consumers expect something like location information is necessary: “For example, a price comparison app collecting location information: It does this so it can tell you if a store nearby has the item at a lower price."
A third of in-store purchase apps shared customer personal data without restrictions, the FTC said. But the majority of apps, which said they shared data with restrictions, “used vague language” to describe those restrictions, said the report. The prominence of privacy policies is a promising start, the FTC said, but the opaque wording in the policies gives apps “broad rights to collect, use, and share consumer information, rather than describe how the apps actually handle consumers’ data.”
"The good news is that reviews matter,” Szabo said. “This allows users to decide what issues are of greatest concern to them and punishes apps that fail to meet expectations.”