Over The Air 2010: Privacy for Mobile Developers

A talk by Kasey Chappelle and Ricardo Varela about guidelines for implementing privacy in your mobile applications

Page 1: Over The Air 2010: Privacy for Mobile Developers

Privacy for Mobile Developers

Kasey Chappelle http://www.vodafone.com/start/privacy.html

Ricardo Varela http://twitter.com/phobeo

OverTheAir 2010

image borrowed from http://xkcd.com

Page 2: Over The Air 2010: Privacy for Mobile Developers

What is Privacy?

The ability of individuals to know of, and to express choice and control over how information about them is collected, shared and used

Page 3: Over The Air 2010: Privacy for Mobile Developers

Why should I care?

● Your users (increasingly) care
● The press loves a privacy story
● Regulators are watching

Page 4: Over The Air 2010: Privacy for Mobile Developers

Some definitions: Personal Information

Data relating to an identified or identifiable individual, for example:
● collected via an application UI
● gathered indirectly from the user's device
● gathered from the user's behaviour
● generated by the user

To be identified, an individual doesn't need to be called by name; their information may be associated with a unique identifier

Page 5: Over The Air 2010: Privacy for Mobile Developers

Some definitions: Location data

Information that identifies the geographical location of a user's device, which may include GPS coordinates, cell id info, wifi ESSIDs or other less granular data such as town or region

Page 6: Over The Air 2010: Privacy for Mobile Developers

Some definitions: Active Consent

Affirmative indication of agreement by the user to a specific and notified use of their personal information. Must be captured in a way in which consent is not the default option.

Page 7: Over The Air 2010: Privacy for Mobile Developers

About Transparency, Choice and Control

Page 8: Over The Air 2010: Privacy for Mobile Developers

Be transparent

Tell your user who you are, what personal information your app will use and why, and who else you might share it with

Page 9: Over The Air 2010: Privacy for Mobile Developers

Be transparent

A good place to put this is in your privacy policy, clearly linked from the app

Page 11: Over The Air 2010: Privacy for Mobile Developers

Be transparent

Remember that just telling the user WHAT you need doesn't tell them WHY you need it

Page 13: Over The Air 2010: Privacy for Mobile Developers

No surreptitious data collection

Before users activate the app, make them aware of features that might affect their privacy

Eg: don't access/use location data without letting them know

Page 14: Over The Air 2010: Privacy for Mobile Developers

No surreptitious data collection

Remember that there is some data you may have access to even without specific APIs or prompting (for example, location derived from the user's IP address); inform your user if you intend to use it too

Page 15: Over The Air 2010: Privacy for Mobile Developers

Identify yourself

Users must know who is using their personal information so they can exercise their rights to access, correct and delete information.

That info can be included in the application itself

Page 16: Over The Air 2010: Privacy for Mobile Developers

Identify yourself

Can the user easily find contact information inside the app?

Page 18: Over The Air 2010: Privacy for Mobile Developers

Minimize the info collected

The application should collect and use only the info required for its normal operation and other legitimate uses (e.g., consent, required by law)

Page 19: Over The Air 2010: Privacy for Mobile Developers

Minimize the info collected

Do you really need all that information?
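
An added example (not from the original deck) of what "collect only what you need" looks like for the location data defined earlier: the fix the device hands over is cut down to the granularity a feature actually needs before it is stored or sent anywhere, and the cell and Wi-Fi identifiers, which are identifying data in their own right, are dropped unless a precise fix is genuinely required. The Fix type, the granularity levels and the rounding steps are assumptions made for this example, not a platform API.

```go
package main

import (
	"fmt"
	"math"
)

// Granularity is how precisely a feature needs to know where the user is.
type Granularity int

const (
	GranularityNone    Granularity = iota // the feature does not need location at all
	GranularityCity                       // roughly 10 km: weather, local news
	GranularityArea                       // roughly 1 km: "what's near me" listings
	GranularityPrecise                    // exact fix: turn-by-turn navigation
)

// Fix is what a device typically hands an application (constructed type, not a platform API).
type Fix struct {
	Lat, Lon   float64
	CellID     string   // serving cell identifier
	WifiESSIDs []string // nearby network names
}

// stepFor maps a granularity to a rounding step in degrees. 0.1 degree of latitude is about
// 11 km and 0.01 degree about 1.1 km; longitude steps cover less ground away from the equator,
// which only makes the result coarser, never finer.
func stepFor(g Granularity) float64 {
	switch g {
	case GranularityCity:
		return 0.1
	case GranularityArea:
		return 0.01
	default:
		return 0
	}
}

// Minimize reduces a fix to what the feature needs before it leaves the sensor layer.
// The second return value is false when nothing about the location should be retained.
// Cell and Wi-Fi identifiers are kept only for a precise fix.
func Minimize(f Fix, g Granularity) (Fix, bool) {
	switch g {
	case GranularityNone:
		return Fix{}, false
	case GranularityPrecise:
		return f, true
	}
	step := stepFor(g)
	return Fix{
		Lat: math.Round(f.Lat/step) * step,
		Lon: math.Round(f.Lon/step) * step,
	}, true
}

func main() {
	// Constructed sample fix (central London; cell id and network names are made up).
	raw := Fix{Lat: 51.50735, Lon: -0.12776, CellID: "234-15-1234-56789", WifiESSIDs: []string{"cafe-guest", "HomeNet"}}
	for _, g := range []Granularity{GranularityNone, GranularityCity, GranularityArea, GranularityPrecise} {
		m, keep := Minimize(raw, g)
		fmt.Printf("granularity %d: keep=%v fix=%+v\n", g, keep, m)
	}
}
```

The decision about which granularity a feature needs is the product question the slide is asking; the code only makes sure that, once answered, nothing finer than that answer is ever written down.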

Page 20: Over The Air 2010: Privacy for Mobile Developers

Gain their consent

Sometimes (but not always) users will need to give active consent to use of their information: secondary purposes, public display, sharing with third parties or remote/persistent storage
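
The following Go program is an added example, written for this edit and not part of the original slides, of how the active-consent rule from the definitions (consent is never the default option) and the per-purpose consent described on this slide can be enforced in code: every secondary purpose starts as "not consented", only an explicit recorded answer changes that, and an answer given under an earlier privacy notice stops counting once the notice changes materially. The purpose names, the notice-version scheme and the ShareWithPartner operation are constructed for illustration; no real platform API is used.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Purpose names one distinct use of personal information. Each secondary purpose
// gets its own consent; a "yes" to one never implies a "yes" to another.
type Purpose string

const (
	PurposeCoreService   Purpose = "core-service"   // what the user installed the app for
	PurposeRemoteStorage Purpose = "remote-storage" // persistent copies on our servers
	PurposePublicDisplay Purpose = "public-display" // showing the data to other users
	PurposeThirdParty    Purpose = "third-party"    // sharing with an ad or analytics partner
)

// ConsentRecord is one affirmative (or negative) answer captured from the user.
type ConsentRecord struct {
	Purpose       Purpose
	Granted       bool
	NoticeVersion int       // the privacy notice the user actually saw when answering
	At            time.Time // when the answer was captured
}

// ConsentLedger holds the user's choices. A purpose with no record is "not consented";
// nothing here ever pre-selects "yes" on the user's behalf.
type ConsentLedger struct {
	noticeVersion int
	records       map[Purpose]ConsentRecord
}

// ErrNoConsent is returned by guarded operations when consent is missing or stale.
var ErrNoConsent = errors.New("no current consent for this purpose")

// NewConsentLedger starts with no consent for any secondary purpose.
func NewConsentLedger(noticeVersion int) *ConsentLedger {
	return &ConsentLedger{noticeVersion: noticeVersion, records: map[Purpose]ConsentRecord{}}
}

// Record stores an explicit answer. Calling it is the only way a purpose becomes allowed.
func (l *ConsentLedger) Record(p Purpose, granted bool, now time.Time) {
	l.records[p] = ConsentRecord{Purpose: p, Granted: granted, NoticeVersion: l.noticeVersion, At: now}
}

// Allowed reports whether data may be used for p right now. Core operation needs no separate
// prompt; every other purpose needs a recorded "yes" given under the notice currently in force.
func (l *ConsentLedger) Allowed(p Purpose) bool {
	if p == PurposeCoreService {
		return true
	}
	r, ok := l.records[p]
	return ok && r.Granted && r.NoticeVersion == l.noticeVersion
}

// UpdateNotice is called when the way data is collected or shared changes materially.
// Earlier answers were given to a different notice, so they stop counting until the user
// has seen the new notice and answered again.
func (l *ConsentLedger) UpdateNotice(version int) {
	l.noticeVersion = version
}

// ShareWithPartner is a constructed example of a guarded secondary use (the actual send is
// left out). It refuses with an error rather than silently falling back to sharing.
func (l *ConsentLedger) ShareWithPartner(payload string) error {
	if !l.Allowed(PurposeThirdParty) {
		return ErrNoConsent
	}
	fmt.Printf("sharing %d bytes with partner under notice v%d\n", len(payload), l.noticeVersion)
	return nil
}

func main() {
	l := NewConsentLedger(1)
	fmt.Println("third-party allowed by default?", l.Allowed(PurposeThirdParty))
	l.Record(PurposeThirdParty, true, time.Now())
	fmt.Println("after an explicit yes:", l.Allowed(PurposeThirdParty))
	l.UpdateNotice(2) // material change: the old answer no longer counts
	fmt.Println("after the notice changed:", l.Allowed(PurposeThirdParty))
	fmt.Println("share attempt:", l.ShareWithPartner("profile"))
}
```

Keeping the notice version on each record is what makes the later "no silent updates" rule checkable: the code can tell whether the user agreed to the current terms or to an older version of them.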

Page 21: Over The Air 2010: Privacy for Mobile Developers

Gain their consent

Will the users be aware I'm about to do this action with their data?

Page 23: Over The Air 2010: Privacy for Mobile Developers

Help them choose

Make users aware of the privacy-related default settings and allow them to exercise their privacy choices (in an easy way)

You can help a user decide by showing the consequences of the actions being proposed

Page 24: Over The Air 2010: Privacy for Mobile Developers

Help them choose

Do users understand what they are allowing you to do?

Page 25: Over The Air 2010: Privacy for Mobile Developers

Beware of the blanket

Whenever you access data with a blanket permission (no prompts required), be sure to show your own prompt reminding the user that this is the case, at least once and until the user confirms they want no further reminders

image borrowed from http://www.starkeith.net/

Page 26: Over The Air 2010: Privacy for Mobile Developers

No silent updates

Inform the users of material changes in the way your application will collect their data BEFORE you enable the changes. If the change is essential for the application, give them a chance to disable/exit the application

Page 27: Over The Air 2010: Privacy for Mobile Developers

No silent updates

Use whichever mechanisms your platform has to let users know what has changed

Page 29: Over The Air 2010: Privacy for Mobile Developers

Don't facilitate stalking or surveillance

Applications should not collect, use or share data about someone other than the user except when the other party has chosen to publish that information

Page 31: Over The Air 2010: Privacy for Mobile Developers

About Data Retention and Security

Page 32: Over The Air 2010: Privacy for Mobile Developers

Tell them why

Inform the user why you need to retain her personal data and for how long you need to keep it (and make sure it's justifiable)

Page 33: Over The Air 2010: Privacy for Mobile Developers

Tell them why

Make sure your data management policy is justified

Page 34: Over The Air 2010: Privacy for Mobile Developers

Explain to them how you know so much

Whenever you offer results based on data mining, try not to surprise your user: provide some explanation of how their data has been used to reach those conclusions

Page 35: Over The Air 2010: Privacy for Mobile Developers

Explain to them how you know so much

Let the users know what part of their information you use to minimize the surprise

Page 36: Over The Air 2010: Privacy for Mobile Developers

Keep it secure

User data stored on the device or remotely must be stored securely, for example by being encrypted (and by ensuring the encryption keys are kept in a trusted environment)

Page 37: Over The Air 2010: Privacy for Mobile Developers

Keep it secure

Ensure some form of encryption when storing the users' information
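
As an added example, not the authors' code: encrypting a record with AES-256-GCM before it is written to storage, with the key fetched from a keystore abstraction at use time rather than saved beside the data, so that the stored bytes reveal nothing on their own and any modification of them is detected on read. KeyStore and the in-memory memKeyStore are constructed stand-ins for whatever protected key storage the platform provides; the record label and the sample JSON are also constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyStore stands in for the platform's protected key storage. The only requirement this
// code places on it is that the key is fetched when needed and never written next to the data.
type KeyStore interface {
	DataKey() ([]byte, error)
}

// memKeyStore is a constructed stand-in for a real keystore: a random 256-bit key held in memory.
type memKeyStore struct{ key []byte }

func NewMemKeyStore() (*memKeyStore, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return &memKeyStore{key: k}, nil
}

func (m *memKeyStore) DataKey() ([]byte, error) { return m.key, nil }

// ErrCorrupt covers every failure to authenticate a stored record: a bit flip, a truncated
// file, a swapped label, or a key that is not the one the record was sealed with.
var ErrCorrupt = errors.New("stored record is corrupt or has been tampered with")

func aead(ks KeyStore) (cipher.AEAD, error) {
	key, err := ks.DataKey()
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record. label is bound as associated data, so a blob saved under
// "contacts" cannot later be passed off as "location". Output layout: nonce || ciphertext+tag.
func Seal(ks KeyStore, label string, plaintext []byte) ([]byte, error) {
	g, err := aead(ks)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize()) // fresh random nonce per record; never reused with the same key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

// Open reverses Seal. GCM authenticates before decrypting, so any change to the stored bytes
// or a mismatched label yields ErrCorrupt rather than garbled plaintext.
func Open(ks KeyStore, label string, blob []byte) ([]byte, error) {
	g, err := aead(ks)
	if err != nil {
		return nil, err
	}
	if len(blob) < g.NonceSize() {
		return nil, ErrCorrupt
	}
	nonce, ct := blob[:g.NonceSize()], blob[g.NonceSize():]
	pt, err := g.Open(nil, nonce, ct, []byte(label))
	if err != nil {
		return nil, ErrCorrupt
	}
	return pt, nil
}

func main() {
	ks, err := NewMemKeyStore()
	if err != nil {
		panic(err)
	}
	// Constructed sample record.
	blob, _ := Seal(ks, "location-history", []byte(`{"lat":51.5,"lon":-0.1}`))
	fmt.Printf("on disk: %x\n", blob)
	pt, err := Open(ks, "location-history", blob)
	fmt.Printf("decrypted: %s (err=%v)\n", pt, err)
	blob[len(blob)-1] ^= 0x01 // simulate a flipped byte in storage
	_, err = Open(ks, "location-history", blob)
	fmt.Println("after tampering:", err)
}
```

The point of the KeyStore indirection is the slide's parenthesis: the cipher is the easy part, and the stored data is only as protected as the place the key lives.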

Page 38: Over The Air 2010: Privacy for Mobile Developers

Delete my data if I ask you to

Give the users a way to either delete their data themselves or contact you and ask you to delete it.

Page 39: Over The Air 2010: Privacy for Mobile Developers

About Advertising

Page 40: Over The Air 2010: Privacy for Mobile Developers

Not all Advertising has an impact on Privacy

When we talk about Advertising here, we refer to advertising that uses personal information, such as targeted advertising, or advertising that involves user data being sent to a third party, such as by embedding third-party ad tracking code

Page 41: Over The Air 2010: Privacy for Mobile Developers

Let me know you have Ads

Let users know the application will display ads before they activate it. Additionally, you can mention what to do if they don't want ads (like getting the paid-for app)

Page 42: Over The Air 2010: Privacy for Mobile Developers

Let me know you have Ads

Users should know beforehand what to expect

Page 44: Over The Air 2010: Privacy for Mobile Developers

Give users choices about 3rd parties

If you're using analytics or network advertisers, you're required by law to let users know (generally in a privacy policy) and tell them how to opt out (or get their opt in, in some countries).

Page 45: Over The Air 2010: Privacy for Mobile Developers

Give users choices about 3rd parties

Let me opt out if I don't want to share data (and it is not essential to the service)

Page 46: Over The Air 2010: Privacy for Mobile Developers

Target advertising using legitimate data

Avoid targeting ads using personal information which hasn't been collected for the application's primary purpose

Page 47: Over The Air 2010: Privacy for Mobile Developers

Respect the privacy of my network

Don't spam your users' contacts - applications should not collect information about or send messages to contacts without the user's active consent

Page 48: Over The Air 2010: Privacy for Mobile Developers

Respect the privacy of my network

Don't spam my contacts

Page 49: Over The Air 2010: Privacy for Mobile Developers

About Children and Adolescents

Page 50: Over The Air 2010: Privacy for Mobile Developers

Age verify where possible and appropriate

If the application context requires features like social network access or displays restricted content, integrate age verification controls. When not possible, you can implement self-certification, asking for a date of birth before activation of the application or feature.

Page 51: Over The Air 2010: Privacy for Mobile Developers

Age verify where possible and appropriate

If nothing else is available, self-verification is fine
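
An added example, not from the original slides, of the self-certification step described on the previous two slides: the declared date of birth is compared against the minimum age with the birthday counted only once it has actually passed (the day before a 13th birthday is still 12, and a 29 February birthday is handled by comparing month and day), and only the pass/fail outcome is retained, since the exact date is of no further use once the feature is gated. AgeGate, the feature name and the dates are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// AgeGate holds only the outcome of the self-certification per feature, never the date of
// birth itself: once "old enough / not old enough" is known the date is not needed again.
type AgeGate struct {
	MinAge int
	passed map[string]bool // feature name -> certified as meeting MinAge
}

func NewAgeGate(minAge int) *AgeGate {
	return &AgeGate{MinAge: minAge, passed: map[string]bool{}}
}

// ErrUnderage and ErrBadDate are the two ways a self-certification can fail.
var (
	ErrUnderage = errors.New("user is below the minimum age for this feature")
	ErrBadDate  = errors.New("date of birth is in the future")
)

// yearsBetween returns whole years from dob to now, counting a birthday only once it has
// occurred in the current year. Comparing month and day (rather than adding years to dob)
// also gives the expected answer for people born on 29 February.
func yearsBetween(dob, now time.Time) int {
	years := now.Year() - dob.Year()
	if now.Month() < dob.Month() || (now.Month() == dob.Month() && now.Day() < dob.Day()) {
		years--
	}
	return years
}

// SelfCertify records whether the declared date of birth meets MinAge for feature.
// The date is used for the comparison and then discarded.
func (g *AgeGate) SelfCertify(feature string, dob, now time.Time) error {
	if dob.After(now) {
		return ErrBadDate
	}
	if yearsBetween(dob, now) < g.MinAge {
		g.passed[feature] = false
		return ErrUnderage
	}
	g.passed[feature] = true
	return nil
}

// Enabled reports whether feature may be activated; nothing is enabled until certified.
func (g *AgeGate) Enabled(feature string) bool { return g.passed[feature] }

func main() {
	g := NewAgeGate(13)
	// Constructed sample: a declared date of birth and two values of "today".
	dob := time.Date(2000, time.March, 15, 0, 0, 0, 0, time.UTC)
	today := time.Date(2013, time.March, 14, 0, 0, 0, 0, time.UTC)
	fmt.Println("day before 13th birthday:", g.SelfCertify("social", dob, today), g.Enabled("social"))
	fmt.Println("on the 13th birthday:", g.SelfCertify("social", dob, today.AddDate(0, 0, 1)), g.Enabled("social"))
}
```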

Page 52: Over The Air 2010: Privacy for Mobile Developers

Set privacy-protective default settings

Applications targeted at children and adolescents will require careful treatment of social features, especially those using location.

Page 53: Over The Air 2010: Privacy for Mobile Developers

In summary...

Page 54: Over The Air 2010: Privacy for Mobile Developers

High Level Principles

Be transparent – don't surprise your users with unexpected data uses or sharing

Be reasonable – if you don't need data, don't collect it; if it's no longer needed, don't keep it

Give your users meaningful choices about how their data is collected, used and shared

Respond to your users' queries – in some cases, the law requires it

Page 55: Over The Air 2010: Privacy for Mobile Developers

Thanks! :)

Kasey Chappelle http://www.vodafone.com/start/privacy.html

Ricardo Varela http://twitter.com/phobeo

thanks to Belen Albeza (@ladybenko) for the cartoons!