It’s not the only case out there, but it is arguably the best known in the web community. The web (and consequently mobile) community is often at the cutting edge of technology, and legal uncertainties arise because of new constellations. A good current example is Airbnb’s gripes with a New York ruling in which a host has basically been fined for using Airbnb.
As a result, however, we have a better idea of how things should be done. The Federal Trade Commission released two documents that are a good read: “Mobile App Developers: Start with Security” and “Mobile Privacy Disclosures: Building Trust through Transparency”.
As the FTC goes on to explain in a blog post, there are four key points we can take from Path’s settlement:
- The main message comes as no surprise: Honor your privacy promises and be especially careful when it comes to kids’ information. What’s a little different is that the message is going out with ATTN: MOBILE APP DEVELOPERS across the top. Well-established consumer protection principles apply across the board, including to companies in the mobile market.
- The default mindset about data collection used to be to gather as much as possible whenever possible. We’ve said it before, but that approach is like soooo 20th Century. As savvy companies know, the wiser approach — and a central tenet of “Privacy by Design” — is to think through your needs and ask only for information you have a legitimate reason to collect. Gathering data “just ‘cuz” doesn’t cut ice with consumers anymore.
- Just because a platform gives you the technological capability to do something, doesn’t mean it’s the right thing for your business or your users. It’s a mistake to assume that somebody else — for instance, a mobile operating system provider or a device manufacturer — has thought through the privacy implications. When it comes to your app and your users, the buck stops with you.
- COPPA isn’t just for kids’ sites. Yes, the rules apply when sites and online services are specifically designed for the under-13 set, but don’t be too quick to assume you’re not covered. The Rule also imposes legal responsibilities on operators who have actual knowledge they’re collecting personal info from kids.
These guidelines are self-explanatory. If you want to dive into the COPPA legislation and read for yourself what it says: here’s the text.