• Mobile Marketing Association Issues Proposed Privacy Policy Guidelines for Mobile App Developers
  • October 21, 2011 | Author: Ieuan Jolly
  • Law Firm: Loeb & Loeb LLP - New York Office
  • The collection of information through mobile apps has been the topic of new federal legislation, Congressional hearings, and several class action lawsuits. This week, the Mobile Marketing Association (MMA), the global trade group for the mobile industry, released guidance in the form of an annotated privacy policy for mobile app developers. The MMA is seeking public comment on the guidance until November 18.

    The MMA stated that the privacy policy is intended as a starting point and mobile app developers will need to tailor it to their own individual practices. The MMA has not stated whether MMA members must comply with the privacy guidance, or whether the MMA will try to monitor or enforce compliance (as the Direct Marketing Association has done with the online behavioral advertising self-regulatory program).

    The MMA proposed privacy policy for mobile app developers addresses the following areas:

    • What information the application obtains (i.e., information provided by the user as well as information that is automatically collected) and how that information is used and/or shared.

    • Whether the application collects precise real-time location information, how that information is collected, and how it is used and/or shared. Whether consumers can opt-out from allowing the mobile application developer to have access to the consumer's location data and how to accomplish the opt-out.

    • Whether third parties see or have access to information obtained by the application, who the information is shared with, and how notice of a change in ownership or use of the information will be provided to consumers.

    • Whether the application works with third parties to deliver targeted advertising and whether consumers can opt-out of third-party use of information for targeted advertising.

    • How long information is retained, whether consumers can request to have information about them deleted, and how information will be safeguarded. How notice of changes to the privacy policy will be provided.

    There is no guidance in the proposed privacy policy about where and when the privacy policy should be provided to consumers.
    The guidance advises that if the application collects information from and/or for social networking platforms (e.g., pulling contact information, friends lists, login information, photos or check-ins), the application should ensure that the prior consent of the user is obtained.

    The guidance also states that mobile application developers should be aware of which mobile advertising networks and other third parties they are working with, in order to determine if that ad network or other third party is offering an opt-out. "At a minimum, application developers should take into account whether the app is advertising-supported and whether data is obtained by an ad network or other third party for the purpose of ad targeting."

    With regard to collecting information from children, the guidance states that mobile application developers should pay particular attention to the Children's Online Privacy Protection Act (COPPA) when creating apps "that contain cartoon characters or other features that may cause the app to be perceived as being directed towards children under 13."