Insights
Publications Events

NTIA Code of Conduct for Mobile App Notices: Let Transparency Be Your Guide

Publisher: Day Pitney White Paper
March 14, 2014

The National Telecommunications and Information Administration (NTIA) announced a voluntary Code of Conduct for mobile application ("app") short notices, (Code of Conduct) developed through the Multi-Stakeholder Process on Application Transparency convened by the U.S. Department of Commerce in June 2013. The purpose of the short form notices is to provide consumers enhanced transparency about the data collection and sharing practices of apps that consumers use. See http://www.ntia.doc.gov/files/ntia/publications/july_25_code_draft.pdf.

The Code of Conduct provides that app developers and publishers that voluntarily elect to enhance transparency by adopting a short form notice should describe in the notice

a) "the collection of types of data collected" (see the list of data categories below), and "whether or not consumers know that it is being collected";

b) "a means of accessing a long form privacy policy, if any exists";

c) "the sharing of user-specific data, if any, with third parties" (see the list of third-parties below); and

d) "the identity of the entity providing the app."

The Code of Conduct requires that "short form notices" convey the required information to app users in "a consistent manner that is easy for consumers to read and understand."

In particular, the short form notice should clearly disclose collection of the following data categories:

  • Biometrics (information about the user's body, including fingerprints, facial recognition, signature and/or voiceprint)
  • Browser History (a list of websites visited)
  • Phone or Text Log (a list of the calls or texts made or received)
  • Contacts (including a list of contacts and social networking connections, and their phone numbers and postal, e-mail and text addresses)
  • Financial Info (includes credit-, bank- and consumer-specific financial information such as transaction data)
  • Health, Medical or Therapy Info (including health claims and other information used to ensure health or wellness)
  • Location (precise past or current location of where a user has gone)
  • User Files (files stored on the device that contain a user's content, such as calendar, photos, text or video)

Further, the short form notice should state whether the app shares user-specific data with any of the following categories of third-party entities:

  • Ad Networks (companies that display ads to the user through apps)
  • Carriers (companies that provide mobile connections)
  • Consumer Data Resellers (companies that sell consumer information to other companies for multiple purposes, including offering products and services that may interest the user)
  • Data Analytics Providers (companies that collect and analyze the user's data)
  • Government Entities (any sharing with the government except where required by law or expressly permitted in an emergency)
  • Operating Systems and Platforms (software companies that power devices and app stores and companies that provide common tools and information about app consumers)
  • Other Apps (other apps of companies that the consumer may not have a relationship with)
  • Social Networks (companies that connect individuals around common interests and facilitate sharing)

At the beginning of March, software developer Intuit Inc. announced it would soon release an open source code that will allow mobile app developers to craft short privacy notices that comply with the NTIA proposed voluntary short form notice provisions. The code will provide a customizable template that developers can use to develop a privacy notice that will incorporate all of the elements described above. This announcement comes a week after Lookout Mobile Security released its own open-source mobile app privacy notice code for developers.

These open source code modules should encourage mobile app developers to voluntarily comply with the Code of Conduct endorsed by the NTIA working group before it becomes the law of the land.

Day Pitney recommends that all app developers take a close look at the templates, given the legal exposure they could face for inadequate disclosures. No laws prohibit the collection of sensitive information from consumers using mobile apps, so long as you tell the consumer what you are doing. By adopting templates promulgated under the guidelines of the Code of Conduct, you can reduce the risk of becoming a target of the Federal Trade Commission, a state attorney general or the private plaintiffs' bar.

Recommended

"Back to Work in Person – Evolution or Revolution," International Trademark Association
September 22, 2023

Day Pitney Litigation Partner Mark A. Romance authored an article with Victor Garrido (Dumont) titled, "Back to Work in Person – Evolution or Revolution?" for the International Trademark Association.

IP Stars from Managing IP
September 8, 2023

Day Pitney Intellectual Property Partners Elizabeth Alquist, Richard Brown, George Chaclas and Jonathan Tropp have been named to Managing IP's IP Stars 2023 Lists.

Patently Enabled September 2023 – What is the On-Sale Bar?
September 1, 2023
Patently Enabled August 2023 - What Are the Types of U.S. Patents?
August 4, 2023
Promotions
July 31, 2023

Day Pitney partner Alex P. Garens was featured in Massachusetts Lawyers Weekly for his promotion to head of the firm's Trademark, Copyright, and Advertising practice.

Patently Enabled July 2023 - What is Enablement?
July 7, 2023
Need Help Navigating the Alphabet Soup of State Consumer Privacy Laws?
June 22, 2023

Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – June 2023

New MA Plan Health Equity Requirements: Are You Ready?
June 22, 2023

Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – March 2023

Patently Enabled June 2023 - Considering a Patent? Five Points to Consider
June 2, 2023
Chambers USA 2023 Ranks 35 Day Pitney Attorneys and 13 Practices
June 1, 2023

Day Pitney Press Release

Copyright © 2023 Day Pitney LLP, all rights reserved.

LexMundi Member
Facebook-f Instagram Linkedin-in