Alert
Alert
02.25.15
A mobile app that collects users’ location data while the mobile app is not in use should clearly disclose such practices and provide users with choices. Failure to do so could give rise to an FTC claim of deceptive practices.
In mid-February, the Federal Trade Commission (FTC) published advice regarding mobile apps’ collection of users’ location data when the mobile apps are not in use. The FTC recommends that such mobile apps clearly disclose such data collection practices and offer choices to users regarding such collection, especially if such data collection would not be intuitive to a user. For example, consumers may assume that a mobile app that provides driving directions will collect their location data, but consumers may not assume that such mobile app also collects their location data when the mobile app is not in use.
The FTC’s guidance acknowledges that mobile app platforms and mobile operating systems, such as Apple’s iOS and Google’s Android, may or may not have built-in, system-level disclosures that provide information to users about a mobile app’s collection of location data. Regardless of such system-level disclosures, the FTC urges mobile apps that collect users’ location data when the mobile apps are not in use to disclose such data collection in a transparent way. Below are the tips provided by the FTC on ways for mobile apps to explain such data collection practices to users:
This recent guidance expands on the FTC’s recommendations included in its “Mobile Privacy Disclosures” report published in February 2013. In that report, the FTC recommended, among other things, that mobile app developers provide just-in-time disclosures and obtain users’ affirmative express consent before collecting and sharing sensitive information, such as location data (to the extent the platforms have not already provided such disclosures and obtained such consent). In the 2013 report, the FTC clarified that, to the extent its guidance goes beyond existing legal requirements, it was not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC.
However, in late 2013, the FTC pursued enforcement action against at least one mobile app developer that did not clearly and accurately disclose its collection and use of location data to users. In December 2013, the FTC filed a complaint against Goldenshores Technologies, LLC, a company that provided a popular “Brightest Flashlight Free” mobile app, and its owner. The FTC’s complaint alleged, among other things, that the company’s acts and practices constituted unfair or deceptive acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act because it provided a privacy policy that did not reflect the mobile app’s use of personal data, including location data, and presented consumers with a false choice on whether to share such data. In 2014, the FTC approved a final settlement that required the company to, among other things, provide a just-in-time disclosure that fully informs users when, how, and why their location data is being collected, used, and shared and obtain users’ affirmative express consent before doing so.
This settlement, together with the FTC’s published guidance, emphasizes the importance for mobile apps to provide clear, transparent, and accurate disclosures about their collection of location data and to provide users with choices related to such data collection. Potential penalties for failing to comply with the FTC’s laws, rules, regulations, and guidance may include significant fines, required deletion of all consumer information improperly obtained, ongoing FTC audits and inspections, and other compliance obligations.
Click here to view a copy of the FTC’s 2013 Mobile Privacy Disclosures Report.
Click here to view a copy of the FTC’s final order settling charges against Goldenshores Technologies, LLC.
Download: FTC Issues New Guidance for Mobile App Developers that Collect Location Data