THE MOBILE EVOLUTION
Web Mobile
Touch
Mobile App
Integrated
Mobile
Apps
BRAVE NEW WORLD OR BUSINESS AS USUAL?
Apps are increasingly integrated with other apps and incorporate dynamic features, e.g. phone, payment and geolocation
Rich layered data
+
Rich user experience
=
Complicated privacy issues
WHAT’S OLD IS NEW AGAIN
Disclosure
Choice
Consent
Security
MOBILE/SOCIAL APPS PRESENT NEW CHALLENGES
WHAT MAKES TODAY’S APPS DIFFERENT?
• Social
• Personalized
• Persistent
• Ubiquitous & Casual
• Instant & Viral
• Dynamic & Integrated
• Correlated
KEY QUESTIONS FOR WHOLE-APP EXPERIENCE
• What data is being collected?
• Who is collecting the data?
• Who owns the data?
• Who is responsible for security?
• Who needs to make disclosures?
• Which disclosures need to be made?
Answers usually implicate multiple parties . . .
SOCIAL APPS
Ubiquitous features
• Post – text, photos, spending, “bio-events”
• Tag – friends, location
• Share – every/anything
• Track – self or others by location, activity
Illustration only: Instagram
DEDICATED BANKING AND PAYMENT APPS
Sensitive Data Required
• Bank Account Information
• Credit Card Number
• SSN, TIN, etc.
• Personal demographic data
Illustration only: Google Wallet
RETAIL APPS
Used in retail strategy:
• QR codes
• Rewards
• Special in-store offers
• User-Generated Content
• Social networking/sharing
• Make purchases
Illustration only: Famous Footwear
HEALTH APPS
• Interact with Physicians
• Get test results
• Renew prescriptions
• Schedule appointments
• Request treatment
Illustration only: One Medical
NOT JUST MAPPING APPS . . .
• Myriad of “dating” and social real time apps identify users by photo, age, gender, location, etc.
• Active pinging?
• Builds on social profile (only social log-in)
Do users know what they are consenting to?
Illustration only: People Nearby
NOTICE & DISCLOSURES: WHAT TO COVER
BEHAVIORAL ADVERTISING
• Targeting
• Tracking
• Sharing information and working with third parties
Is any of this going on in your app?
SHARING AND POSTING ACROSS SITES/APPS
• 3rd party code?
• How, when, and what data is shared with third parties?
• Can you give users options?
Do you know the answers for your app?
Illustration only: Yelp
LOCATION DATA
• How often/when are you collecting it?
• How much data are you collecting?
• Is anyone else collecting it?
• What are you doing with it?
• How long are you keeping it?
Do you provide notice?
Do you ask for consent? (in the app)
Illustration only: Yelp
COMBINING AND DERIVING DATA – “BIG DATA”
• Are you combining multiple data sets in order to derive information in an unexpected manner?
• Are you using data in a way that would surprise the user?
• Are you using the data to deliver an unexpected result?
ACCESSING CONTENT
Does your app use or access “other” data?
• Contacts
• Photos/Video
• Purchases/Wishlists/Likes
• Geo-tags
Illustration only: Evite
INTERNET OF THINGS
Is your app “thingy”?
• GPS/WiFi/Bluetooth/Cellular
• Camera
• Microphone
• NFC
• Biometrics
Users may not be aware of collection . . .
Illustration only: Up by Jawbone
BEST PRACTICES
KNOW WHAT YOUR APP COLLECTS
• Log in information for integrated apps?
• Geolocation data?
• Payment information?
• Biometric data?
KNOW YOUR PLATFORM
• Apple iTunes Store
– iOS Developer Program License Agreement
– App Store Review Guidelines
• Android
– Android Market Developer Distribution Agreement
• Microsoft
– App Developer Agreement
– Facebook Platform Policies
PROVIDE NOTICE
• Have a Privacy Policy
– Even if you collect small amounts of data!
– Understand what you are collecting
– Understand how you are using data
• Make it conspicuous
Illustration only: Instagram
BE TRANSPARENT
• Be clear and specific
• ID boundaries of your data collection v. third parties
– Tell users when you link their data to a specific device
• Do not exceed boundaries
• Consider asking permission before any unexpected use
SENSITIVE INFORMATION
• Consider providing an “Enhanced Notice”
• Children
• Financial Information
• Healthcare Information
• Protected Class
Illustration only: Uber
OFFER USERS CONTROL & CHOICE
• Individual Choice
– Collection
– Storage
– Transfer
• Opt-Out vs. Opt-In
• Controls over social/automatic sharing
Illustration only: Paypal
MAKE NOTICE AS ACCESSIBLE AS THE FUNCTIONALITY
• Make policy conspicuous and available prior to download
• Make the policy available from within the app and easily accessible
– E.g., offer to email or print from mobile devices
Illustration only: Uber
CHANGE MANAGEMENT
• If you change how your app collects data, revisit your policy, too.
• Be mindful of unexpected uses.
• Let users know when there has been a change to the privacy policy.
• Get opt-in for data collected under a different privacy policy.
THANK YOU
Laura Hamady, CIPP/US, Associate General Counsel, Regulatory & Chief Privacy Officer, Groupon, Inc.
Gregory P. Silberman, CISSP, Partner, Jones Day