This past May mobile app developers dodged a bullet when a California state court sided with Delta Airlines in a dispute over its mobile app.
California’s attorney general had sued Delta, alleging that the company violated the state’s mobile privacy law, which requires a company to clearly state that users’ personal information is being collected.
Delta argued that, as an airline, it was subject to the federal Airline Deregulation Act and not state regulations. The judge agreed and dismissed the case.
‘Momentum Is Growing’
Still, mobile app providers should not assume the threat of mobile privacy regulation is over, Adam Grant, a partner with Alpert, Barr & Grant, told CRM Buyer.
On the contrary, “momentum is growing for some kind of federal-level mobile privacy law,” said Grant, who expects there will be something in place at the federal level within the next 12 months.
There is definitely significant behind-the-scenes activity in the area. It is fair to debate, though, whether such activity will translate into actual legislation, given the near certainty that industry will push back.
Either way, for mobile developers, this is not an issue to let slide off the radar.
‘Breaches on the Rise’
Earlier this year the Federal Trade Commission laid down new guidelines for mobile applications. Specifically, the new rules take the same rationale that ads in newspapers, radio and television are subject to, and apply it to mobile devices and social media as well.
Also earlier this year, the U.S. House of Representatives introduced a little-noticed act that Grant thinks has significant potential to become law — or at least further influence the debate on mobile privacy.
It’s the Application Privacy, Protection and Security (APPS) Act and, broadly speaking, it would require mobile developers to give notice and gain consent for any information gathering they do with a mobile app.
Meanwhile, the National Telecommunications and Information Administration, part of the U.S. Commerce Department, is working on a code of conduct for mobile developers that calls for similar practices, Grant said.
All of these various initiatives — from the FTC to NTIA — suggest that the mobile privacy issue is more alive than perhaps many in the industry realize.
Industry may groan at the regulation, but the silver lining around this particular cloud is that common guidelines would make life easier, Bluebox cofounder and COO Adam Ely told CRM Buyer.
“With breaches on the rise, states have already begun to address this issue with legislation,” Ely said. “However, a federal statute would be the most effective approach, and the sooner this is done, the better chance we have to stem the tide of rapidly escalating breaches.”
Planning Ahead
How soon that will happen, however, is not so clear.
“There hasn’t been a lot of debate of any of these existing proposals, especially regarding location privacy,” Daniel Castro, senior analyst at the Information Technology & Innovation Foundation, told CRM Buyer. “I would expect that if there was a push for legislation, the industry would push back and ask for more time to study and prepare for these proposals.”
That said, it will be the wise mobile developer who moves forward assuming that some kind of additional regulations will be in the offing.
Many developers already think along these lines, in fact, and have adopted a practice of “reserving” multiple permissions that aren’t actually needed in order to avoid having to ask for permissions again — such as upon adding features in future releases, Gavin Kim, chief commercial officer for NQ Mobile, told CRM Buyer.
‘A Front-Burner Issue’
Increasingly, in fact, mobile developers are recognizing that they do have to better explain not only what permissions they are requesting but also why they are requesting them, Kim said.
“For example, it makes sense that Foursquare needs your location,” he explained. “It does not make sense that a flashlight app does.”
Indeed, “privacy is now and will continue to be a front-burner issue for application developers in 2013 and beyond,” Mark Connon, executive vice president of corporate and business development at Nexage, told CRM Buyer.
“Mobile advertising companies and application providers will benefit by proactively and aggressively developing privacy policies that enable consumer notice and choice,” Cannon predicted, “and enforcing those policies through the technologies those developers deploy.”