What Privacy Law Applies to Apps?

Published by Shaun Dakin
Published by: Shaun Dakin on May 19, 2011
Copyright: Attribution Non-commercial

There is no across-the-board privacy law in the United States, and there is no United States privacy law specifically applicable to Apps. Nevertheless, persons or entities that collect, use, share and/or retain personal information – including App Developers – are subject to various privacy laws at the federal and state level, including those that apply based on the nature of the data involved, such as financial, health or children’s data.

The information below summarizes the privacy laws App Developers should obey.

Section 5 of the FTC Act: The Prohibition Against False or Deceptive Practices

Section 5 of the Federal Trade Commission (FTC) Act, 15 U.S.C. § 45(a), prohibits and makes unlawful “unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce.” The FTC enforces against companies that make privacy promises in privacy policies, but fail to keep those promises. That is, the companies collect, use, share or retain personal information in a way that is inconsistent with the representations they made in their privacy policies. The FTC also has enforced against companies whose privacy policies do not adequately inform consumers about the company’s actual practices. To the extent mobile Apps similarly contain privacy policies and consumer representations about personal information, the FTC is empowered to take similar enforcement action against App Developers.

Laws Governing Specific Information

There is a range of various federal laws governing the privacy of specific kinds of personal information.

The federal Health Insurance Portability and Accountability Act (HIPAA) governing health data collected by covered entities, the Gramm-Leach-Bliley (GLB) Act covering financial data, and the Children's Online Privacy Protection Act (COPPA) covering data collected from children under 13 are examples of laws applicable to specific kinds of data, and to the extent Apps are covered by such laws because of their functions and collection of data, then these laws are App privacy laws.

State Laws

In addition to law enacted at the federal level, states also have privacy and data security laws. Most states have so-called “mini-FTC Acts” under which they have authority similar to that of the FTC to take enforcement actions in response to unfair or deceptive trade practices. This could include tracking consumers without proper notice or when a promise has been made not to track consumer behavior. A number of state attorneys general have been vigilant in enforcing against entities collecting personal information from consumers.

Some states have specific privacy laws covering particular kinds of data and data collection, such as California. It would appear that many of these specific laws apply to Apps and the companies that operate them.

Forty-six states also have data security breach notification laws that require entities holding personal data to provide notices in the event of breaches of the security of that data, and those laws apply regardless of how the data may have been collected, meaning that data that is collected by Apps that is subject to a security breach will trigger notification obligations. Certain states have specific data security obligations, as well.

Private Litigation

Private party litigation is not a significant source of legal rules applicable to App privacy. As a general matter, plaintiffs' class action attorneys attempting to bring civil actions against companies alleged to have violated consumer privacy rights by improperly collecting, using, sharing or retaining personal information have been unsuccessful. The cases either have been settled by defendants for relatively modest amounts to avoid the cost of litigation and/or undue publicity or are unsuccessful because of the absence of legally cognizable damages flowing from the alleged misuse of the personal data.
A number of privacy lawsuits concerning Apps and privacy are pending, but none have proceeded past the preliminary stage.

Proposals for Improvements to Privacy and Their Impact on Legal Obligations

In December 2010, both the staff of the FTC and the US Department of Commerce (DOC) issued preliminary reports proposing significant improvements in the way businesses handle consumer information and changes in the controls consumers should have over their information. As these reports ripen into final versions, which are expected later in 2011, App Developers should take the contents into account as they implement privacy protections for mobile Apps.

The draft FTC Staff Report, entitled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers” (FTC Report), makes clear that the agency’s existing privacy framework, developed by over forty years of FTC guidance and enforcement (e.g., Fair Information Practice Principles, notice-and-choice models), remains in place. The FTC Report, however, makes equally clear that improvements to the existing framework are necessary given technological advances in the collection, use, sharing, and retention of information about consumers by businesses, and signals the direction that the FTC staff believes privacy protections should move in the future.

The new framework, which the FTC staff stated should apply to all businesses that collect, maintain, share, or otherwise use consumer data either online or offline, contains three top-level maxims:

Privacy by Design: Companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services. This includes incorporating substantive privacy protections – such as data security and retention practices – into business processes and maintaining comprehensive data management procedures throughout the lifecycle of products and services (Note: in the mobile context, the FTC used as an example that if a mobile App is providing traffic and weather information to a consumer based on his or her location information, it does not need to collect contact lists or call logs from the consumer’s device).

Simplifying Consumer Choice: Companies should simplify consumer choice, not just through notice about privacy practices prior to the use of a product or service in a lengthy privacy policy, but also by offering choice at a time and in a context in which the consumer is making a decision about his or her data (such as when the consumer is presented with a targeted online behavioral advertisement).

Increasing Consumer Transparency: Companies should increase the transparency of their data practices, such as by (i) clarifying, shortening, and standardizing privacy notices; (ii) providing reasonable access to the consumer data they maintain; (iii) providing prominent disclosures and obtaining affirmative express consent before using consumer data in a materially different manner than claimed when the data was collected; (iv) obtaining affirmative express consent when sensitive information such as financial information is collected and used for online behavioral advertising; and (v) working to educate consumers about commercial data privacy practices.

The Department of Commerce “Green Paper” entitled “Privacy and Information Innovation: A Dynamic Privacy Framework for the Internet Age,” (DOC Green Paper) argued that preserving consumer privacy online and thereby bolstering consumer trust in the Internet is essential for businesses to succeed online. Like the draft staff FTC Report, the DOC Green Paper proposed increasing protections privacy principles, including by enhancing transparency, encouraging greater detail in purpose specifications and use limitations, and fostering the development of verifiable auditing and accountability programs.

As mentioned above, both the draft staff FTC Report and the DOC Green Paper are expected to affect and influence U.S. privacy law and enforcement in the coming years, including with respect to mobile Apps.

Selected International Laws
