Mobile App Privacy Needs To Grow Up And Shrink Down

At this week’s Mobile Insider Summit in Key Largo, Fla., ESPN SVP of Mobile Michael Bayles laid on us a striking stat from a brand that is as mobilized as any I can name. He said the company is seeing growth in apps at five times the rate of growth of its massively popular Web site. Many of us in mobile media heard throughout 2011 that the mobile Web was ascendant after years of focus on apps. Bayle tells us that among its leading edge users, the move to apps is on. Whether this applies across content and brand categories is an open question, but apps are a critical piece of the media mix now, and it is time we started treating their privacy policies with some seriousness.

The Mobile Marketing Association this week issued guidelines for app designers crafting privacy policies. This is sorely needed, but it only begins to address the larger issue of managing privacy issues on mobile.

The first part of this project is doing what the MMA has done: offer a set of templates for designers that they can adapt to their own content category, recommending  It recommends a way to speak to the user and which critical aspects of data collection need to be addressed. Of particular importance on mobile is the distinction between automatically collected information (data collected without user input) and data provided by the user via form filling and registration.

On mobile the critical component for many people will be location information. While mobile phones communicate back to publishers the same sort of data a browser does (operating system, browser type) they also can communicate the device’s unique ID as well as real time location information. I would love to see more research done on the levels of sensitivity consumer have to different kinds of data collection, but I suspect that real-time and highly precise location information would prove to be among the most sensitive. The MMA takes care in singling this data point out and advising publishers to spell out what kinds of location information is collected and how. They also advise specificity in how the data is used.

Many of the major mobile publishers have started including privacy policies in their apps of one sort or another. And this was not always the case even six months ago. For many media companies and brands, privacy policies seemed to be at best an afterthought.

Nevertheless, the key challenge before everyone now is making the privacy policy relevant and usable by the mobile customer. For instance, ESPN’s own flagship app is ScoreCenter, which lets you customize sports reporting to your own teams and even sends you alerts about game starts and results. That is an awful lot of personalization, which is great from the standpoint of mobile utility.

But for any curious or wary mobile user, this personalization raises some specific questions about data use. And yet if you do find the privacy policy in the app, it kicks you over to an embedded browser and full site version of the Disney generic privacy policy. That likely covers Disney’s butt well enough, but it doesn’t do what the rest of the app does so well -- recognize that mobile is a discrete platform that requires different formats and raises unique privacy issues.

Let’s look at another leading mobile app, Weather Channel. Its privacy policy is formatted for mobile, but not written for mobile. It scrolls on endlessly and speaks mainly about Weather.com.

Huh? Even the privacy policies that do appear in apps actually don’t seem to apply to apps or mobile specifically?

Oh, yes. It gets worse. Try Amazon’s very popular mobile app. This app makes you drill down into “Legal” information before you get to a privacy policy. Once there, you find that not only is it another generic Amazon.com policy but was last updated in September 2008.

How about one of my favorite shopping apps from Best Buy? Man, there is a lot of language about terms and conditions, but no privacy policy at all that I could find.

Gee, I am starting to wonder if anyone is getting close. Much to my surprise, one of the most mobile-friendly privacy approaches I see on my smartphone deck comes from one of the most controversial companies in terms of privacy: Facebook. While far from perfect, the Facebook app for iOS gives you both general posting advice and controls but also links to all of the apps already on your deck that are using Facebook Connect. The screens reiterate what information you are sharing with the third parties, and lets you remove the link or adjust the sharing pieces that are not required. While I still find Facebook’s various privacy definitions and distinctions a bit inscrutable, the basic format and level of context-awareness is welcome.

Apps raise the privacy issue for a range of content providers that may not have considered it before. Book publishers didn’t need a privacy policy in their titles. But once a book become interactive, there is the ability for usage tracking. What does the game publisher or children’s book-app maker do about COPPA compliance?

Privacy policies in apps need to be present in all apps, whether from a publisher running advertising or a brand delivering store locators. The policies need to be as brief and clear as legally permissible. But they also need to be as contextually aware as the apps themselves. My guess is that the mobile user is more concerned about some mobile capabilities like location tracking. These are concerns that need to be addressed by something other than a reiteration of a generic Web site policy.

Tags: mobile, privacy
Recommend (2)
1 comment about "Mobile App Privacy Needs To Grow Up And Shrink Down ".
  1. P W from Privacymatters , January 27, 2012 at 5:44 p.m.
    There other organisations that began looking at this issue much earlier and have been leading on addressing app privacy. The GSMA has for example, developed privacy design guidelines for mobile application development - see www.gsma.com/mobileprivacy