A call for a privacy Bill of Rights for wireless consumers is being sounded by the Electronic Frontier Foundation (EFF).
"[G]iven the sensitivity of the data that many consumers store on their phones, the stakes are even higher for manufacturers, carriers, app developers, and mobile ad networks to respect user privacy in order to earn and retain the ever-important trust of the public," the EFF says in a statement.
In its Bill of Rights for Mobile Users, the advocate for civil rights in the digital world suggests that developers, when creating mobile apps, respect consumer privacy with these practices:
- Offer a means for withdrawing consent to collect data that's as visible as the means for obtaining consent.
- Collect the minimum amount of information necessary to provide a service, especially when collecting information from address books, photo libraries, location and phone logs and text messages.
- Make known to users what data an app's collecting, how long it will be kept and who it will be shared with.
- Offer "human readable" privacy policies that are accessible both before and after installation.
- Honor the context in which data is collected. Data collected to link an app user with their friends, for example, shouldn't be used by the developer to contact those friends directly without specific permission from that user.
- Secure data collected by an app both where it's stored and in transit between phone and cloud.
- Hold themselves accountable for the behavior of their software. That should be true for all actors in the mobile industry, not just developers, the EFF adds.
The organization also makes a number of technical recommendations for developers. They include "hashing" information developers collect, making TLS connections a default when transferring data, encrypting stored data, securing data from internal as well as external threats, testing system security by independent testers, and encouraging operating system makers to support Do Not Track technology at the operating system level.
"These recommendations represent a baseline, and all the players -- from the application developers to the platform providers to the ad networks and more—should work to meet and exceed them," the EFF explains. "As the mobile app ecosystem has matured, users have come to expect sensible privacy policies and practices. It’s time to deliver on those expectations."
The EFF's Bill of Rights comes a week after the Obama Administration released its framework for protecting consumer privacy on the Internet. The centerpiece of that proposal is a consumer privacy Bill of Rights similar to the EFF's.
The recent upsurge in privacy protection activity comes on the heels of several controversial moves by Google. They include circumventing the Do Not Track settings in Apple's Safari and Microsoft Internet Explorer browsers, and revamping its privacy policies to consolidate the information it gathers about users of its services.
While cooking up bills of rights for consumers may be a good way to raise public awareness about privacy, it remains to be seen what, if any, effect they'll have on the privacy rights of consumers. Even if the players involved make a good faith effort to embrace the principles of the bills of rights in their operations, doing so will be a complex task, as will be enforcing the principles against those who would violate them.