With the unprecedented growth of the app ecosystem, user privacy is becoming more and more of a hot button issue, especially when that privacy is violated. For many users, finding and downloading a new app is something that has become almost second-nature; we browse our favorite app stores, we find an app that looks promising, we download it. Done. However, while it’s certainly a good thing that users are becoming accustomed to apps, it’s also bringing up to the surface privacy problems that need to be addressed before this ecosystem – as beautiful and thriving as it certainly is – gets out of control.
Even though most people realize that many apps and social networking services do indeed gather personal information – location, names, addresses, etc. – users still value their privacy very highly, and want a reasonable amount of control over how that data is collected, used, and shared. Even though a lot of information gathering is definitely becoming standard in the industry, it’s disrespectful to the user to make this the default state of affairs within the app experience. Users are worthy of developers’ respect, and to that end, there need to be safety measures in place within an app itself that protect their data.
While the process of gathering information within an app is certainly becoming commonplace, there have got to be privacy guidelines in place to make sure that nothing is shared or collected that shouldn’t be. It’s easy to focus on just getting the product out to market and keeping up with innovation, and there’s definitely nothing wrong with either of those things. However, developers also need checks and balances at every stage of development to make sure that privacy rights are not being violated.
How much is collected?
A framework for privacy
Last February, the White House released a lengthy (45+ pages, PDF) treatise titled “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy”. If you’re an app developer looking to get a good overview of how user privacy should be protected within software applications, this is a good one to read. According to the paper, there are seven basic rights that users have within apps in regards to privacy:
Individual Control. “Consumers have a basic right to exercise control over what personal data companies collect and how they use it.” Users need to know what is being collected and how it’s going to be used. This should be something that is easily accessible by the user; in fact, it should be as easy to give consent as it is to withdraw. For example, if I tell you it’s okay for you to use my location, it should be just as easy for me to tell you NOT to use it.
Transparency. “Consumers have a right to easily understandable and accessible information about privacy and security practices.” It should be clear what data the app actually intends to access, along with how long this data will be kept and who it will potentially be shared with. In addition, all privacy policies should be available to users both before and after initial app installation.
Respect for Context. “Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.” The specific set of data ths is found on mobile devices, tablets, and convertibles/PCs – address books, photo collections, location data, information from phone calls, text messages, etc. – is all a wide set of data that could potentially be used for many different purposes. Developers are responsible to notify users of possible collection of this data, as well as exactly what the information is going to be used for, and where. There should also be significant effort aimed at making this information as anonymous as possible while still accomplishing maximum functionality within the app.
Security. “Consumers have a right to secure and responsible handling of personal data.” All this data that users are sharing with the app is the responsibility of the developer to keep safe. It should be encrypted and protected when being used, collected, shared, or transported.
Focused Collection. “Consumers have a right to reasonable limits on the personal data that companies collect and retain.” We know that it’s important to have some information collected as part of the personalization process; this is something that users expect and it definitely improves the overall user experience. However, there should be a reasonable expectation of how much information is actually collected.
Accountability. “Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.” Users do have rights to privacy and developers should be respectful of these rights. Consumers also have the right to hold developers accountable for the privacy policies that they integrate in apps; in other words, if developers post that they are not going to use user information in third-party advertising networks – but go ahead and do so otherwise – than users have a legitimate bone to pick.
Privacy as a right
The app ecosystem is growing at leaps and bounds, and shows no signs of stopping anytime soon. It’s a great time to be a developer! Along with this fantastic growth comes a rising concern about privacy, especially in regards to data collection. Developers should be mindful of the different privacy pitfalls that are possible, and strive to make their apps as secure and as respectful to users as possible.
If you’re a developer, how have you implemented privacy within your apps? What do you think is something that more apps should be doing (or not be doing) in regards to privacy? Share with us in the comments.