US government proposes new rules for transparency in app data collection
With mobile devices collecting and storing increasingly personal data on users, a new set of government proposals is aimed at making clearer the amount and type of information mobile apps are able to collect from both users and devices.
The new proposals lay out a "voluntary Code of Conduct for mobile application short notices," and it was developed over the course of a year by a group of stakeholders in a task force convened by the United States Department of Commerce and the National Telecommunications and Information Administration. The group's aim was to develop guidelines for the "short notice" informing users prior to a download what data an app collects as well as what it does with that data.
The guidelines call for app developers and publishers to detail whether they are collecting biometric, browser history, phone or text log, or contact data, as well as financial information, location information, user files, and biometric information.
That last category is seen by some as increasingly important due to the fact that a number of companies are developing wearable mobile devices. Apple in particular is thought to be working on a smart watch device ? dubbed iWatch ? that would likely regularly log users biometric data for interaction with apps.
The proposed rules call for publishers and developers to state in their short form notices whether the collected data is shared in a user-specific fashion with ad networks, carriers, consumer data resellers, data analytics providers, government entities, operating systems and platforms, other apps, or with social networks. They do not require notice, though, if a contract between the app and a third party explicitly limits the use of the data or prohibits sharing.
The guidelines also provide exceptions to the above rules, advice on designing the short form notices, and rules on linking to longer, fuller explanations of policies.
In a statement released alongside the new guidelines, Assistant Secretary of Commerce for Communications and Information Lawrence E. Strickling said that the NTIA was pleased that "a diverse group of stakeholders reached a seminal milestone in the efforts to enhance consumer privacy on mobile devices."
The American Civil Liberties Union has also come out in support of the document, calling it a "modest but important step forward."
For years now, the collection, retention, and transmission of user data have been points of concern among not only consumer activists, but also lawmakers and regulators. In 2011, a federal grand jury began investigating Android and iOS over their use of user data. Government regulators have also repeatedly asked both Apple and Google to more tightly police user privacy on their respective platforms.
The new proposals lay out a "voluntary Code of Conduct for mobile application short notices," and it was developed over the course of a year by a group of stakeholders in a task force convened by the United States Department of Commerce and the National Telecommunications and Information Administration. The group's aim was to develop guidelines for the "short notice" informing users prior to a download what data an app collects as well as what it does with that data.
The guidelines call for app developers and publishers to detail whether they are collecting biometric, browser history, phone or text log, or contact data, as well as financial information, location information, user files, and biometric information.
That last category is seen by some as increasingly important due to the fact that a number of companies are developing wearable mobile devices. Apple in particular is thought to be working on a smart watch device ? dubbed iWatch ? that would likely regularly log users biometric data for interaction with apps.
The proposed rules call for publishers and developers to state in their short form notices whether the collected data is shared in a user-specific fashion with ad networks, carriers, consumer data resellers, data analytics providers, government entities, operating systems and platforms, other apps, or with social networks. They do not require notice, though, if a contract between the app and a third party explicitly limits the use of the data or prohibits sharing.
The guidelines also provide exceptions to the above rules, advice on designing the short form notices, and rules on linking to longer, fuller explanations of policies.
In a statement released alongside the new guidelines, Assistant Secretary of Commerce for Communications and Information Lawrence E. Strickling said that the NTIA was pleased that "a diverse group of stakeholders reached a seminal milestone in the efforts to enhance consumer privacy on mobile devices."
The American Civil Liberties Union has also come out in support of the document, calling it a "modest but important step forward."
For years now, the collection, retention, and transmission of user data have been points of concern among not only consumer activists, but also lawmakers and regulators. In 2011, a federal grand jury began investigating Android and iOS over their use of user data. Government regulators have also repeatedly asked both Apple and Google to more tightly police user privacy on their respective platforms.
Comments
Google and Facebook must really hate this. Too bad it's voluntary.
Maybe Apple can say if you want your service on an iOS device, these rules are mandatory.
Quote:
Originally Posted by MikeSmoke
Well...uh....yepper. Them feds know a thing or two about collecting data.....
I wonder if the NSA will voluntarily apply these rules to their data collection practices?
Government wants one-way transparency: they see everything you do, you see nothing they do.
Quote:
Originally Posted by GadgetCanadaV2
Quote:
Originally Posted by MikeSmoke
Well...uh....yepper. Them feds know a thing or two about collecting data.....
I wonder if the NSA will voluntarily apply these rules to their data collection practices?
Beaten to the punch!
Apple could make it mandatory for their appstore whenever they see fit to do so. They already could have if they thought it was in their best interests. I'm sure they have their reasons for not doing it.
Govt: Do as we say, not as we do.
Boy, if that isn't hypocritical.