A talk by Kasey Chappelle and Ricardo Varela about guidelines for implementing privacy in your mobile applications
Privacy for Mobile Developers
Kasey Chappelle, http://www.vodafone.com/start/privacy.html
Ricardo Varela, http://twitter.com/phobeo
OverTheAir 2010
image borrowed from http://xkcd.com
What is Privacy?
The ability of individuals to know of, and to express choice and control over how information about them is collected, shared and used
Why should I care?
Your users (increasingly) care
The press loves a privacy story
Regulators are watching
Some definitions: Personal Information
Data relating to an identified or identifiable individual, for example:
● collected via an application UI
● gathered indirectly from the user's device
● gathered from the user's behaviour
● generated by the user
To be identified, an individual doesn't need to be called by name; their information may be associated with a unique identifier
Some definitions: Location data
Information that identifies the geographical location of a user's device, which may include GPS coordinates, cell id info, wifi ESSIDs or other less granular data such as town or region
Some definitions: Active Consent
Affirmative indication of agreement by the user to a specific and notified use of their personal information. Must be captured in a way in which consent is not the default option.
About Transparency, Choice and Control
Be transparent
Tell your user who you are, what personal information your app will use and why, and who else you might share it with
Be transparent
A good place to put this is in your privacy policy, clearly linked from the app
Be transparent
Remember that just telling the user WHAT you need doesn't tell them WHY you need it
No surreptitious data collection
Before users activate the app, make them aware of features that might affect their privacy
Eg: don't access/use location data without letting them know
No surreptitious data collection
Remember that there is some data you may have access to even without specific APIs or prompting (for example, location derived from their IP address); inform your user if you intend to use that too
Identify yourself
Users must know who is using their personal information so they can exercise their rights to access, correct and delete information.
That info can be included in the application itself
Identify yourself
Can the user easily find contact information inside the app?
Minimize the info collected
The application should collect and use only the info required for its normal operation and other legitimate uses (e.g., consent, required by law)
Minimize the info collected
Do you really need all that information?
Gain their consent
Sometimes (but not always) users will need to give active consent to use of their information: secondary purposes, public display, sharing with third parties or remote/persistent storage
Gain their consent
Will the users be aware I'm about to do this action with their data?
Help them choose
Make users aware of the privacy-related default settings and allow them to exercise their privacy choices (in an easy way)
You can help a user decide by showing the consequences of the actions being proposed
Help them choose
Do users understand what they are allowing you to do?
Beware of the blanket
Whenever you access data under a blanket permission (no prompts required), be sure to show your own prompt reminding the user that this is the case, at least once and until the user confirms they want no further reminders
image borrowed from http://www.starkeith.net/
No silent updates
Inform the users of material changes in the way your application will collect their data BEFORE you enable the changes. If the change is essential for the application, give them a chance to disable/exit the application
No silent updates
Use whichever mechanisms your platform has to let users know what has changed
Don't facilitate stalking or surveillance
Applications should not collect, use or share data about someone other than the user except when the other party has chosen to publish that information
About Data Retention and Security
Tell them why
Inform the user why you need to retain her personal data and for how long you need to keep it (and make sure it's justifiable)
Tell them why
Make sure your data management policy is justified
Explain to them how you know so much
Whenever you offer results based on data mining, avoid surprising your user: provide some explanation of how their data has been used to reach those conclusions
Explain to them how you know so much
Let the users know which part of their information you use, to minimize the surprise
Keep it secure
User data stored on the device or remotely must be stored securely, for example by being encrypted (and ensuring the encryption keys are kept in a trusted environment)
Keep it secure
Ensure some form of encryption when storing the users' information
Delete my data if I ask you to
Give the users a way to either delete their data themselves or contact you and ask you to delete it.
About Advertising
Not all advertising has an impact on privacy
When we talk about advertising here, we refer to advertising that uses personal information, such as targeted advertising, or advertising that involves user data being sent to a third party, such as embedding third-party ad tracking code
Let me know you have Ads
Let users know the application will display ads before they activate it. Additionally you can mention what to do if they don't want ads (like getting the paid-for app)
Let me know you have Ads
Users should know beforehand what to expect
Give users choices about 3rd parties
If you're using analytics or network advertisers, you're required by law to let users know (generally in a privacy policy) and tell them how to opt out (or get their opt in, in some countries).
Give users choice about 3rd parties
Let me opt out if I don't want to share data (and it is not essential to the service)
Target advertisement using legitimate data
Avoid targeting ads using personal information which hasn't been collected for the application's primary purpose
Respect the privacy of my network
Don't spam your users' contacts - applications should not collect information about or send messages to contacts without the user's active consent
Respect the privacy of my network
Don't spam my contacts
About Children and Adolescents
Age verify where possible and appropriate
If the application context requires features like social network access or displays restricted content, integrate age verification controls. When that is not possible, you can implement self-certification by asking for a date of birth before activation of the application or feature.
Age verify where possible and appropriate
If nothing else is available, self-verification is fine
Set privacy-protective default settings
Applications targeted at children and adolescents will require careful treatment of social features, especially those using location.
In summary...
High Level Principles
Be transparent – don't surprise your users with unexpected data uses or sharing
Be reasonable – if you don't need data, don't collect it; if it's no longer needed, don't keep it
Give your users meaningful choices about how their data is collected, used and shared
Respond to your users' queries – in some cases, the law requires it
Thanks! :)
Kasey Chappelle, http://www.vodafone.com/start/privacy.html
Ricardo Varela, http://twitter.com/phobeo
thanks to Belen Albeza (@ladybenko) for the cartoons!