The Mobile Marketing Association (MMA) is recommending that developers of mobile applications be as transparent as possible with their privacy and security policies to cut down on ambiguity and engender consumer trust.
In a guidance document released Wednesday, the trade group outlines best practices for creating privacy policies and offers sample language that software companies can adopt and adapt. The MMA calls this guidance the first of its kind to tackle "the core privacy issues and data processes of many mobile applications." There will be further privacy guidelines from the group, CEO Greg Stuart stated in a press release.
The document is intended to be a starting point for addressing privacy issues and data movement associated with mobile apps, not a blanket policy for every developer.
"Privacy policies are a key consumer disclosure tool for app developers and important to establishing and maintaining consumer trust," MMA Privacy & Advocacy Committee Chairman Alan Chapell stated in the press release. "Our guidelines offer developers the foundation from which to craft a document that reflects the privacy practices of each of their apps and helps them stay in compliance with applicable law and industry standards."
Nor is the guidance specific to healthcare—in fact, none of the companies on the Privacy Policy Framework committee are healthcare-only firms—but there are warnings that health data deserves special treatment, per HIPAA and other privacy standards.
"Mobile application developers should be aware that certain types of data, for example, medical records and certain types of financial information may be subject to existing privacy law. Application developers creating apps that collect potentially sensitive information are encouraged to obtain counsel to ensure that their data collection policies are in line with current law in the jurisdiction(s) where the app may be used," according to the guidance.
App developers also should:
- Get prior consent from users before collecting information from or for social networks.
- Disclose whether the app tracks the real-time location of a mobile device.
- Describe if and how they will share data with third parties.
- Make sure security procedures are "reasonable."
- Understand that users generally must be allowed to consent to "retroactive, material changes" in privacy policies.
- Be aware of how advertising networks they work with mine user data and whether there is an opt-out choice. "At a minimum, application developers should take into account whether the app is advertising supported and whether data is obtained by an ad network or other third party for the purpose of ad targeting," the document states.
"Mobile application developers should be aware of which mobile advertising networks and other third parties they are working with in order to determine if that ad network or other third party is offering an opt-out. We recognize that the mobile marketplace continues to experiment with different types of opt-out mechanisms – and strongly encourage the mobile application developer community to participate in these experiments to the benefit of consumer privacy interests," states another section.
Programmers also need to pay special attention to apps designed for children under the age of 13, according to the guidance.