This post appeared in the San Jose Mercury News on February 27, 2012
by Larry Magid
I might be overly optimistic, but I hope this will be remembered as the month digital privacy rights finally started to become real.
Last Wednesday, California Attorney General Kamala Harris announced an agreement with Apple, Google, Microsoft, Amazon, Hewlett-Packard and Research In Motion that would require app developers to abide by California’s existing privacy law and disclose their privacy policies in plain language before users download their apps. On Thursday, the Obama administration released a report calling for a “Consumer Privacy Bill of Rights.”
Although late to the game, these initiatives came at an opportune time. As I mentioned in last week’s column, we have had a spade of privacy invasions lately, including an incident where a popular smartphone app was uploading entire user contact lists to its servers without notification or permission.
Part of the problem is that consumers have been left in the dark. Just like software running on a PC, an app running on a smartphone can do anything it’s programmed to do, and there are very few people who have the technical expertise to peer under the hood to figure out exactly what the app is doing.
So the only way the average consumer can know what information an app is collecting and what it’s doing with that data is for the app developer to tell them. But not all app developers post privacy policies. And even those that do often don’t put them in plain language and make them accessible to consumers at the point of download.
The situation is not better for apps aimed at children. On Feb. 16, the Federal Trade Commission issued a report titled “Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing.” It found that, “In most instances, staff was unable to determine from the information on the app store page or the developer’s landing page whether an app collected any data, let alone the type of data collected, the purpose for such collection, and who … obtained access to such data.”
There’s also that pesky issue of third-party tracking cookies that ad networks like Google’s DoubeClick use to follow you around the Web so they can target you with ads based on sites you’ve visited. That issue raised its head again last week after the Wall Street Journal reported that Google was going around technology built into Apple’s Safari browser to block third-party tracking.
Microsoft later claimed that Google was also defeating its cookie blocking system. Google responded that it was only doing that for users who were signed in and that, “It’s important to stress that these advertising cookies do not collect personal information.”
The current state of affairs is actually bad for all stakeholders. While being able to sneak a few targeted ads past consumers might put some extra money in the coffers of Internet advertising companies, it also erodes consumer confidence. If stories like the ones we’ve been bombarded with lately continue to dominate the news, consumers are likely to start shying away from using some of these technologies or employ third-party blocking tools, which could cause additional problems for advertisers and app companies.
Privacy a fundamental right
Also, as the Obama administration’s report pointed out, deceptive privacy practices are downright un-American. OK, I exaggerate. But in the report’s opening statement, President Barack Obama made the point that “From the birth of our republic, we assured ourselves protection against unlawful intrusion into our homes and our personal papers.” Long before the Internet, he reminded us, “we set up a postal system to enable citizens all over the new nation to engage in commerce and political discussion,” and “Congress made it a crime to invade the privacy of the mails.” I’m sure that Benjamin Franklin, America’s first Postmaster General, would agree that that’s a pretty good precedent.
The so-called “Consumer Privacy Bill of Rights” the White House plans to send to Congress for passage would provide for individual control over our personal data along with transparency — the “right to easily understandable and accessible information about privacy and security practices.” It also calls for “respect for context,” so consumers can expect companies to collect and use personal information in context for the purposes that it’s needed. The rights also include secure and responsible handing of data, consumer access to our own data, reasonable limits on the use of our data and accountability that companies are adhering to this bill of rights.
What the proposed rights lack is specificity. The administration calls them “general principles that afford companies discretion in how they implement them.” This flexibility, said the White House, “will help promote innovation.”
The administration is encouraging Congress to provide both the Federal Trade Commission and state attorneys general with the authority to enforce the Consumer Privacy Bill of Rights.
Next, I assume, comes a series of hearings on Capitol Hill, where legislators will pounce on evil companies for forcing the government to take a strong stand and companies will extoll the virtues of self-regulation.
Some would call self-regulation the fox guarding the chicken coop, while others would brand heavy-handed government rules as stifling innovation. I call on Congress to conduct this important discussion calmly, rationally, clearly and openly so that the rest of us can both listen-in and weigh-in.
Anne Collier (my ConnectSafely.org co-director) on privacy tipping point
My interview with California Attorney General Kamala Harris on app data privacy