Add the Consumer Federation of America to the NGOs not happy
with the new draft of a mobile app voluntary code of conduct, saying both the
code and the process that produced it are seriously flawed.
The National Telecommunications and Information
Administration released the final draft Thursday, the work product of months of
sometimes contentious negotiations among stakeholders, public interest groups
and others. It provides for short-form notices to consumers about what info apps
are collecting and how they are being shared.
"While the idea of short-form notices is appealing, the
information that they would provide under this code falls far short of what is
needed to tell mobile application users what is really happening with their
data," said Susan Grant, director of consumer protection at CFA. "It
does not explain how their data will be used beyond what is necessary for the
function of the app. Moreover, the information about what kind of data is
collected and with whom it is shared is very limited. Most disturbingly, while
the code calls for mobile app developers to disclose whether users' data will
be shared with certain types of third parties, such as social networks and ad
networks, no disclosure is required when the data is shared with the very same
types of entities if they are part of the same corporate structure as the app
Grant expressed frustration at the process -- NTIA voted on
the draft at its last meeting -- and the work product, but abstained rather
than dissented in deference to the work of other NGO's on the code. The
Consumer Federation of America also abstained. Grant said she was not sure
she would call it a multistakeholder process, and said she was concerned the
process would be used as evidence to the world that privacy issues can be
addressed without actually enacting laws that protect privacy.
The White House has called on Congress to codify the privacy
bill of rights and Grant echoed that call, though she recognizes it is tough to
get any legislation through a divided Congress.
The multistakeholder process appeared to be pretty divided
itself. Grant said that she was a member of the testing subcommittee, but that
it could never agree on how to conduct tests of the notice language so they
were never conducted. She also said she would likely sit out the meetings on
the next topic, which could be facial recognition.
The mobile app initiative is part of the government-led
effort to flesh out an online privacy "bill of rights" embodying
eight basic principles: Individual Control, Transparency, Respect for Context
(data used consistent with context in which consumers provided it), Security,
Access and Accuracy, Focused Collection ("reasonable limits") and
Accountability (appropriate safeguards for data collection).
The White House has pushed Congress to codify those, but in
the meantime called on industry players to commit voluntarily. Violators of
that commitment could then be the target of FTC action under its charter to go
after "false and deceptive" claims.
NTIA hosted a series of stakeholder meetings to
come up with ways to bake such protections into a privacy Bill of Rights, with
focus on mobile apps.