The mobile apps market is booming. If you’re in the business of developing apps, it’s important to know about basic – and relevant – consumer protection guidelines.
Hi, I’m Laura Berger, an attorney at the Federal Trade Commission. Whether you run an established company or a start-up, the FTC has suggestions to help you comply with truth-in-advertising standards and privacy principles. Every app is different. But there are some general guidelines to consider if you’re developing an app.
Truth in advertising is simple: Tell the truth when you’re talking about your product.
Once you start distributing your app, you’re an advertiser. An ad isn’t just a multi-million dollar TV spot or global marketing campaign. It’s pretty much anything a company tells a prospective customer about what a product can do. This could be on a web site, in an app store, or even a feature – like a privacy setting or control – that you built into the app itself.
One rule of thumb is to look at your product and your advertising from the average user’s perspective. And if you make objective claims about your app, you need solid proof to back them up before you start distributing it.
When it comes to disclosures, display key information about your product clearly and conspicuously. Generally, the law doesn’t dictate fonts or type size. But the FTC has taken action against companies that have buried important terms in long licensing agreements, in dense blocks of legal mumbo jumbo, or behind vague hyperlinks.
This makes good business sense, too. It shows people that you aren’t trying to hide anything in the fine print.
Now, moving on to privacy: Practice “Privacy by Design”. This means incorporating privacy considerations from a product’s concept stage to its launch and updates. Build privacy protections into development, limit the information you collect, securely store what you hold onto, and safely dispose of any data you don’t need. Think through your default settings with an eye toward privacy. If you’re collecting or sharing information in a way that people wouldn’t expect, get their express permission first.
Be transparent about your data practices. If you need to collect user information for the app to work, be clear about what information you collect and what you do with it.
Give users a choice when it comes to privacy. Privacy settings, opt-outs, or other tools let users control how their personal information is collected and shared. Make it easy for people to find the tools you offer and design them so they’re simple to use.
If your app is designed for kids – or if you know that you collect personal information from kids – you might have additional requirements under the Children’s Online Privacy Protection Act and the FTC’s COPPA Rule. Under COPPA, any company whose app is directed to users under 13 or who knows that a user is under 13 must clearly explain its information collection practices. In addition, COPPA requires you to get parental consent before the app collects any personal information from a child and requires that you keep a kid’s personal information confidential and secure. Visit the Business Center for compliance advice.
Even when you’re not dealing with information from kids, it’s smart to get a user’s sign-off before you collect sensitive information. What do we mean by “sensitive”? Medical, financial or geo-location information come to mind as examples.
And finally, keep data secure.
• Collect only the information you need.
• Take reasonable precautions against well-known security risks.
• Limit access to data to a need-to-know basis. And
• Safely dispose of data when you no longer need it.
That’s the download on mobile apps. If you want to learn more, read Marketing Your Mobile App: Get It Right from the Start, available at business.ftc.gov.