01 June 2012

Guest Blog - Privacy vs. Data & Building Consumer - Gary Schwartz

MEF North America
Chairman Gary Schwartz

MEF North America Chair Gary Schwartz talks privacy..

The way we define the term privacy is subjective. In the US, we police privacy based on a very broad definition under Section 5 of the Federal Trade Commission Act that prohibits “unfair or deceptive acts or practices in or affecting commerce.” The devil is in the policy details.

If the news headlines over the past few months are any indication, we are mighty confused with what to call private and what to call public, what to sanction and what not to sanction. How can we start to solve small-screen privacy when we have not solved our digital angst on the desktop?

Jules Polonetsky, Director of the Future of Privacy Forum says that when the browser invariably crashes it pops up a commiserating dialogue box asking you permission to send the diagnostic report to the browser company anonymously to help them fix bugs and build a better browser.

Faced with this privacy brief only three per cent of users click “yes”.

Digital Natives

Is it because we are digital immigrates? Our children happily offer data everyday about personal activity without hesitation. Is the challenge simplifying the legal narrative to allow the consumer to make an informed decision without interrupting their next click on the small screen? It seems an improbable feat.

In March this year, the FTC issued a report on best practices for businesses collecting personal data. It is a good read. Google, "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers."

The FTC, who is taking a proactive lead on privacy in the beltway, seem very cognizant that they need to create a flexible framework to best interpret what is unfair or deceptive in Section 5 of the Federal Trade Commission Act.

It seems easy when privacy is not an issue. The FTC can challenge a mobile app like “Acne Pwner” that promised acne removal by providing blue and red light treatments on the phone. Acne Pwner used deceptive statements to drive 11,600 downloads from the iTunes store, where it was sold for $1.99.

But even with privacy issues, there are clear-cut cases. File sharing service like the FrostWire APP presented unfair design when it sets its default to share all pics on the phone with others. The FTC accused FrostWire of disregarding the privacy of its users, by not making it clear enough that their files are publicly shared.

However for many apps and mobile web services the lines are blurred.

Beltway Drums

I was In DC yesterday at a MEF  privacy summit with the FTC, Federal Reserve and other key stakeholders to discuss how the industry can build on these guidelines and further clarify how the industry can create transparency and build “trust” with the new digital consumer.

The FTC presented their findings and separately the group of industry stakeholders discussed steps to advance best practices. MEF discussed the need to:

1. Create a standardised framework for developers and others in the mobile value chain to define and communicate mobile app privacy policy choices.

2. Establish best practices and provide practical tools across the mobile value-chain built on the consumer’s informed consent.

Patricia Poss, Chief of Mobile Technology Unit, Bureau of Consumer Protection explained that the bureau asks the following key questions when evaluating the integrity of an in-market application:

• Who collects what information?

• How is it used?

• With whom is it shared?

• Are consumers being adequately informed?

• Do the consumers have a choice?

Ms. Ross acknowledges that mobile provides unique challenges. The phone is a data collector. It has a camera, microphone, gyroscope, compass, and location features. This data is collected on a small screen “On the go” in an impulse manner. The phone is social by design and so makes sharing information seem natural and easy.

Rules to Build By

As a developer, limit collection of data to what you need and purge what you do not. But most importantly, says Ms. Ross, establish short, meaningful disclosures to the consumer. Aim for:

• Privacy by Design

• Simplified Choice

• Greater Transparency

The challenge for the industry is taking the FTC’s insights and interpreting them in a way that drives trust not trepidation. Many acknowledge that privacy policies are written to avoid a run in with the FTC not with the end consumer in mind.

How can we hope to advance consumer trust in commerce and content applications by wordsmithing lengthy legalspeak on a small screen with a consumer on the run?

Is the dilemma solved by:

• not disclosing (CarrierIQ)

• show a value exchange (FourSquare)

• simplifying and standardizing (Google)

In many cases we may have less of a problem if we stop calling this a “privacy discussion”. Facebook does not have a privacy policy. It has a “Data Use Policy” – which is perhaps more honest. It is about data collection and the permission-based use of this data.

We have to help the consumer simply draw that comfort line of private vs. public.

Gary Schwartz is president/CEO of Impact Mobile, Toronto, and MEF North America Chair. Follow him @impulseEconomy

No comments: