[NY Times] For many Internet users, online privacy policies are long and difficult to read. Transfer those same policies to a mobile device, where users can find themselves clicking through multiple screens often with tiny type, and the policies can become almost useless to the average consumer.
Yet those same policies govern how much user data is collected through mobile applications and how that data is shared with advertisers and other third parties. And with growing concern over data collection, including proposed legislation to more closely protect consumers, one company is trying to make privacy policies that are both easy for consumers to read and easy for mobile application developers to create.
“Everybody complains that no one reads privacy policies and that privacy policies are too long and too difficult,” said Jim Brock, the founder of PrivacyChoice, a company that has analyzed and indexed the data in hundreds of privacy policies across the Web. “The mobile environment requires you to say things very succinctly, and it requires you to say things in layers.”
Using the data collected from hundreds of online privacy policies, Mr. Brock and his team devised a tool to help mobile application developers create basic policies without the help of a lawyer. Developers who want to use the tool can select answers to basic questions about how they collect data, how that data is used and whether it can be deleted.
The resulting policy boils complicated policy language down to a few sentences like “We collect or share your location only with your permission” or “We keep personal data until you delete it.”
“If you have 10 minutes, you can get on the right side of privacy rules,” said Mr. Brock, who estimates that the vast majority of applications that mobile phone users download don’t have privacy policies at all. Policies that do exist can be challenging for users to read without having to click through multiple screens. Adding to the confusion, many application developers are small businesses that make revenue off customized advertising, but don’t have a consistent approach to making policy.
Morgan Reed, the executive director for the Association for Competitive Technology, a trade organization that supports mobile application developers, said more than 80 percent of developers are small businesses with fewer than 10 employees. Many of the apps they create collect data on users — including their location — that can be sent to advertising networks, which in turn show users ads based on the data that has been collected.
Without advertising revenue, app developers would have to charge more for their apps — which typically sell for 99 cents to a few dollars each — and some might find it difficult to stay in business. “Solving this privacy problem is absolutely critical for us,” Mr. Reed said. “We want to make sure this revenue stream continues.”
The cost for a legal consultation, which can range from a couple of hundred dollars to thousands, can also be a deterrent for small app developers looking to create privacy policies. But Christopher Wolf, a partner at the Hogan Lovells law firm and a co-chairman of the Future of Privacy Forum, said app developers should not claim cost as an excuse.
“I think it’s a cop-out for app developers to say they don’t have the budget for it,” Mr. Wolf said. “It’s an investment for any business that deals in consumer data. They ought to build it into the development cost.”
Andrew Binkowski, a researcher at the University of Chicago and an app developer, said allowing advertising on his baby name app, Stork Drop, doubled his revenue. Mr. Binkowski said the app drew advertisements for items like diapers or cord blood banks (facilities that store umbilical cord blood for future use).
Forrester Research predicts that by 2015, 36 percent of consumers in the United States will use mobile Internet services, with spending on mobile advertising expected to increase to $2.8 billion.
In June, Senator Al Franken, Democrat of Minnesota and the chairman of the Senate Judiciary subcommittee on privacy, technology and the law, proposed legislation along with Senator Richard Blumenthal, Democrat of Connecticut, that would require mobile companies to obtain a user’s consent before collecting location-based data and before sharing that data with third parties.
Recent efforts to increase the availability of mobile privacy policies, like Mr. Brock’s policy generator, “is a good first step in informing consumers,” Mr. Franken said in an e-mail. “But it alone will not address the majority of privacy threats that consumers face on their mobile devices.”
Another tool to manage tracking by advertisers and ad networks is being developed by Evidon, the company that provided the technology behind an icon-based online self-regulatory program supported by the Digital Advertising Alliance.
Scott Meyer, the company’s chief executive, said work is under way on a tool that would allow users to opt out of being served targeted advertising across multiple providers, similar to the way the icon program works. Mr. Meyer said the company had already signed contracts with multiple ad networks and agencies and expected to announce the new tool by the end of the year.
“The point of this is to build a more trusted environment,” Mr. Meyer said.
Industry Tries to Streamline Privacy Policies for Mobile Users