State of Delaware
Convenience is the product, your privacy is the cost
Mobile Applications
May 2, 2013
Mobile App Industry Overview
• A report from Gartner in January 2010 said that mobile apps will generate $7
billion in 2010, and will grow to $29.5 billion by 2013.
• A report commissioned by mobile application store GetJar in March 2010 said
that the mobile app market will reach $17.5 billion by 2012, having grown to 50
billion downloads from just 7 billion in 2009.
• A report from Research2Guidance in March 2010 said that the mobile app
market would reach $15.65 billion by 2013.
• In December 2010, IDC said that the mobile application market would see 10.9
billion downloads in 2010, and 76.9 billion by 2014. By 2014, the market is
expected to generate $35 billion in revenue worldwide.
• The mobile application marketplace will reach $25 billion by 2015, according to a
new report from World Mobile Applications Market, a U.S.-based market
research firm.
• According to research2guidance.com, the mobile health app marketplace is
expected to take off and reach $26B by 2017. There are 97,000 health and fitness
apps available today.
The Business Model
• 89% of apps downloaded for free
• According to Gartner, 87.5% of app purchases were priced
at less than $2.99
• Dynamic segmentation is possible because of the data
collected
Key consumer behavior data
Geolocation information
Contacts and friends
Sites visited
Policy Questions
• What is the expectation of privacy?
• What is at risk?
• What are the current practices?
• What is the State role in regulating this industry?
• Can we achieve balance – privacy and innovation?
What is the expectation of privacy?
Source: TRUSTe Privacy Index
What is at risk?
• Failure to act leads to further erosion of the expectation of privacy
• Loss of control over data ownership and management
• Fourth Amendment implications
What are the current practices?
• Complexity beyond comprehension
• Capture of data beyond what is needed to deliver service
• Providing access to information that is not yours to grant
Complexity
Source: TRUSTe Privacy Index
Sample Privacy Policies
• XYZ Company location info retention & sharing clause:
Information Collected Automatically: When you use the Service, XYZ
Company automatically receives and records information on our server
logs from your browser or mobile platform, including your location, IP
address, cookie information, and the page you requested. We treat this
data as non-Personal Information, except where we are required to
do otherwise under applicable law. Unless otherwise stated in this
Privacy Policy, XYZ Company only uses this data in aggregate form. We
may provide aggregate information to our partners about how our users,
collectively, use our Service, so that our partners may also understand
how often people use their services and our Service.
Sample Privacy Policies
• ABC Company data sharing provision: We aggregate non-personally identifiable information (such as age, gender, household income, interests, zip
code, state, coupon print and redemption data, and other automatically collected information that does not
personally identify you) and share such aggregated information with our Affiliates in order to help them
improve the marketing of their products and services. We may also share such non-personally identifiable
information with our Affiliates when you interact with our promotional content on their websites. An Affiliate
may match the non-personally identifiable information we provide with personally identifiable
information you have previously provided to that Affiliate. For instance, if you have signed up for a
loyalty account from one of our Affiliates, such as a grocery retailer, and request that our coupon be saved to
that loyalty account, we will provide the Affiliate with the coupon and other information necessary to fulfill
your request. The Affiliate will then match the information with your loyalty account which may contain your
personally identifiable information. We also may share such non-personally identifiable information
with third-party ad servers, ad networks, and data exchanges (“Ad Partners”) so that they can tailor
their advertisements to your apparent interests and deliver those advertisements to you while you are either
on our Sites or on third-party websites. For example, if you print pet food coupons, then an Ad Server may
conclude that you have a pet and display a pet care supply advertisement instead of a random
advertisement. In addition, Ad Partners themselves use technologies (such as cookies, pixels, and
beacons) to collect information about your browsing behavior on our Sites which they may match
with information they have previously collected (including personally identifiable information you
have provided to them). However, we do not share personally identifiable information with Ad Partners, and
we do not permit Ad Partners to collect personally identifiable information about you on our Sites.
Sample Privacy Policies
• EFG Company provision allowing complete public access to your
location info:
1.3. Installation of the Application in the User's mobile device is an
acceptance and confirmation of his consent to the terms of this
Agreement.
1.4. By accepting this Agreement, the User confirm his consent to the
processing of his personal data in the purpose of implementation
of this Agreement and the resolution of claims related to the
fulfillment of this Agreement. Application shall use the following
personal data:
- Information about location of the User’s mobile device;
- Information accessible from social networks after login in under
the login and password of the User (such as names and photos of
the friends of the User, etc.);
- Information about the User’s account in www.foursquare.com.
Incomplete Disclosure
Source: TRUSTe Privacy Index
Current Regulatory Structure
• The FTC has oversight responsibility
• Monitors companies for unfair practices, which extends only to misuse of
data not prescribed by the terms of use
• Can charge companies for being vague or omitting info
• The FTC has little power to limit use of data once a user consents
Federal versus State Role
• Federal regulation preferred by industry
Avoids the “patchwork” of regulation
May still be accused of restricting innovation, but not inequity
• Difficult for a state to regulate a mobile application
By definition, it is designed for use in any location
Attempts to regulate may restrict state citizen access
Possible Solutions: Consumer Privacy Bill of Rights
• Individual Control: Consumers have a right to exercise control over what
personal data companies collect from them and how they use it.
• Transparency: Consumers have a right to easily understandable and accessible
information about privacy and security practices.
• Respect for Context: Consumers have a right to expect that companies will
collect, use, and disclose personal data in ways that are consistent with the
context in which consumers provide the data.
• Security: Consumers have a right to secure and responsible handling of personal
data.
• Access and Accuracy: Consumers have a right to access and correct personal
data in usable formats, in a manner that is appropriate to the sensitivity of the
data and the risk of adverse consequences to consumers if the data is
inaccurate.
• Focused Collection: Consumers have a right to reasonable limits on the personal
data that companies collect and retain.
• Accountability: Consumers have a right to have personal data handled by
companies with appropriate measures in place to assure they adhere to the
Consumer Privacy Bill of Rights.
Delaware’s Children’s Online Protection Act
• Age verification
• Limitations to how the data of a minor is used
• Full disclosure of data being collected on a minor, and its intended use
• Prohibits sharing of data on minors with a third party