The National Telecommunications and Information Administration
Thursday released a draft of a voluntary mobile app code of conduct, the result
of a multistakeholder process spurred by the Obama Administration's push for an
online privacy "bill of rights."
The code essentially directs app developers and publishers
to provide consumers with short-form notices, in multiple languages where
appropriate, on how information is collected and shared by the app.
The notices, says the code, should include:
"(a) the collection of [various] types of data
and whether or not consumers know that it is being collected; b) a means
user-specific data, if any, with third parties listed in Section II.B as
defined below; and d) the identity of the entity providing the app."
The notices need to be easy to read and understand and must
include whether the app collects biometrics, browser history, phone logs,
contacts, financial info, health or medical info, location information or user
The notice does not have to be included if the collection is
incidental and actively submitted by a user through an open field, rather than
being encouraged to submit that specific data.
The notice should also include whether that info is
transmitted to ad networks, carriers, consumer data resellers, data analytics
providers, government entities, operating systems and platforms, other apps and
The notice is not required for sharing data with third
parties if there is a contract between the app and the third party that limits
use of the data to provide a service to or on behalf of the app or the contract
prohibits sharing the consumer data with other third parties.
Notice is not required if the data is not identified or
de-identified if steps are taken to insure it cannot be re-associated with a
The code encourages flexibility and creativity in creating
the notice, so long as the font stands out and the notice is easily accessible.
CTIA: The Wireless Association did not outright
endorse the code, but praised the process encouraged its members to kick the
tires on the code. "CTIA has been encouraged by the experience of parties
working together in the multistakeholder process," it said in a statement.
"While member companies will need to evaluate the final Code thoroughly,
CTIA supports company consideration of the draft Code of Conduct for voluntary
adoption and support."