The Framework provides a general starting point that application developers can refer to when drafting their application privacy policies. The Framework includes model language to address the following questions and topics regarding the application’s and developer’s privacy practices:
What information does the Application obtain and how is it used?
- The MMA bifurcates this section into “User Provided Information” (e.g., information provided during registration) and “Automatically Collected Information” (e.g., mobile device’s unique device ID and the IP address of the mobile device).
Does the Application collect precise real time location information of the device?
- This section is applicable to companies that collect “precise, real-time locational information.” Developers that collect such information should indicate how such information is used and, if applicable, opt-out options. Even if such information is not collected, the MMA recommends including a statement to that effect.
Do third parties see and/or have access to information obtained by the Application?
- This section will be unique to the developer and application. In addition to disclosing to whom and in what circumstances information is disclosed to third parties, the MMA states that, generally, developers reserve the right to transfer information in the event of a sale of the application.
Automatic Data Collection and Advertising
- This section is intended to address applications that are ad supported. The MMA provides model language to address situations where a third party ad network obtains data for the purpose of ad targeting.
Where are my opt-out rights?
- This section will be unique to the developer, the application and the ad network utilized by the application, if applicable. The MMA provides an example that gives the user the following opt-out options: (a) opting out from all information collected by uninstalling the application; (b) opting out from the use of information for serving targeted ads; and (c) opting out from locational data collection.
Data Retention Policy, Managing Your Information
- This section is intended to communicate how long the developer will retain User Provided Data (the MMA has included “for as long as you use the Application and for a reasonable time thereafter.”) and allow users to contact the developer directly with notice to delete such data.
- This section is intended to address compliance with the Children’s Online Privacy Protection Act. Even if the developer doesn’t need to comply with the act because the act is not applicable to the application, the MMA recommends including language that states the developer doesn’t knowingly solicit information or market to children under the age of 13.
- This section is intended to provide an overview to the user of the developer’s security procedures and will be unique to the developer. The MMA has stated that “developers should ensure that their security procedures are reasonable.”
- This section is meant to provide email access to the developers of the application should a user have privacy questions or concerns.