Mobile Marketing Association Releases Final Version of Mobile Application Privacy Policy Framework

Posted on February 1, 2012 by Kevin Khurana

After introducing a draft of its Mobile Application Privacy Policy Framework (“Framework”) in mid-October for public comment, the Mobile Marketing Association ("MMA") recently released the final version of the Framework.  

The Framework provides a general starting point that application developers can refer to when drafting their application privacy policies. The Framework includes model language to address the following questions and topics regarding the application’s and developer’s privacy practices:

 

What information does the Application obtain and how is it used?

  • The MMA bifurcates this section into “User Provided Information” (e.g., information provided during registration) and “Automatically Collected Information” (e.g., mobile device’s unique device ID and the IP address of the mobile device).

 Does the Application collect precise real time location information of the device?

  • This section is applicable to companies that collect “precise, real-time locational information.” Developers that collect such information should indicate how such information is used and, if applicable, opt-out options. Even if such information is not collected, the MMA recommends including a statement to that effect.

 Do third parties see and/or have access to information obtained by the Application?

  • This section will be unique to the developer and application. In addition to disclosing to whom and in what circumstances information is disclosed to third parties, the MMA states that, generally, developers reserve the right to transfer information in the event of a sale of the application. 

 Automatic Data Collection and Advertising

  • This section is intended to address applications that are ad supported. The MMA provides model language to address situations where a third party ad network obtains data for the purpose of ad targeting. 

 Where are my opt-out rights?

  • This section will be unique to the developer, the application and the ad network utilized by the application, if applicable. The MMA provides an example that gives the user the following opt-out options: (a) opting out from all information collected by uninstalling the application; (b) opting out from the use of information for serving targeted ads; and (c) opting out from locational data collection.  

 Data Retention Policy, Managing Your Information

  • This section is intended to communicate how long the developer will retain User Provided Data (the MMA has included “for as long as you use the Application and for a reasonable time thereafter.”) and allow users to contact the developer directly with notice to delete such data. 

Children

  • This section is intended to address compliance with the Children’s Online Privacy Protection Act.   Even if the developer doesn’t need to comply with the act because the act is not applicable to the application, the MMA recommends including language that states the developer doesn’t knowingly solicit information or market to children under the age of 13. 

 Security

  • This section is intended to provide an overview to the user of the developer’s security procedures and will be unique to the developer. The MMA has stated that “developers should ensure that their security procedures are reasonable.”

 Changes

  • This section is intended to afford developers the flexibility to modify their privacy policy. The MMA notes that material changes to privacy practices generally require a user’s prior consent.

 Your Consent

  • This section is intended to capture the user’s consent to have his/her data processed, collected and disclosed as set forth in the privacy policy. The MMA’s proposed language also geographically limits where activities related to data collected from users may occur to the United States.

 Contact Us

  • This section is meant to provide email access to the developers of the application should a user have privacy questions or concerns.

While the Framework is not meant to set forth rigid parameters for developers to operate within, they do provide valuable guidelines that will assist most developers, with the help of their lawyers, to create a mobile application privacy policy that users will understand. However, it should be noted that the developers mustn’t simply rely on the language provided by the MMA; they must still draft a privacy policy to address their unique, application-specific privacy practices. Inaccurate or deceptive privacy policies are subject to actions by the Federal Trade Commission, state attorneys general and other regulators. 
Tags: , , , , , , , , ,

Emerging Standards For Mobile Marketing

Posted on June 10, 2008 by Kristen J. Mathews
Many B2C companies are beginning to explore marketing to consumers’ wireless devices using text messaging (“SMS,” or “short message service”) and MMS messaging (“Multi-media Messaging Service”). They may even target their promotions based on where the recipient is physically located using the wireless device’s GPS technology. They also may target their promotions to teens and tweens. What legal issues should companies be aware of as they navigate through this relatively new area?
This question is very timely, as mobile marketing has received a lot of attention from regulators and industry organizations in the last few months.

Statutes. Statutorily, we have two federal laws that apply to mobile messaging: the Telephone Consumer Protection Act (the “TCPA”) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (the “CAN-SPAM Act”). Each of these laws apply to mobile promotional messaging, depending on the technology used to send the messages. We also have a host of state laws that apply, either expressly or implicitly, to mobile promotional messaging. In summary, the laws require that companies obtain express consent from individuals before sending promotional messages to their wireless devices. In some cases, specific consent language is required.

Mobile Marketing Association Guidelines. In addition to statutes, we also have various industry standards that apply to text messaging campaigns. The Mobile Marketing Association (MMA), for example, has a set of Consumer Best Practices Guidelines for mobile marketing, which is incorporated by reference into the carrier agreements under which short codes are issued by carriers to companies that want to launch text messaging campaigns. These best practices provide, among other things, requirements for consumer notices, consent and opt-out rights.
 
Wireless Association Standards for Location-based Marketing. The CTIA (The Wireless Association) recently issued a set of best practices that provide for, among other things, consumer notice and consent for location-based marketing, and consumer choice for sharing of location information with third parties. These guidelines also address retention and security of location-based information, abuse reporting and public self-certification of compliance with the best practices. (Self-certification, in itself, presents its own set of legal issues.)
 
Federal Trade Commission. Just this past May, the Federal Trade Commission (FTC) hosted a public town hall meeting, “Beyond Voice: Mapping the Mobile Marketplace.” Topics discussed included the evolution and future of mobile marketing, location-based marketing, consumer disclosures and consents, the challenges of small PDA screens for consumer notifications, teen and tween-targeted campaigns, parental controls and security issues with respect to data stored on mobile devices. Also in May, two consumer advocacy groups (the Center for Digital Democracy and the U.S. Public Interest Research Group) announced their plan to file a complaint with the FTC, asking it to examine behavioral advertising via mobile devices and to promulgate special rules regulating mobile marketing to children and teens.
 
It is reasonable to anticipate that the FTC will ultimately issue either guidelines or rules which apply to mobile marketing campaigns, in an attempt to set forth uniform requirements for mobile marketing. Until then, companies must navigate and synthesize the various sources of applicable laws and standards, and derive an approach that meets their business objective while avoiding backlash from the media, the industry, the wireless carriers and consumers.
Tags: , , , , , , ,