MEF has long championed the importance of building trust in mobile apps. The more confidence consumers have in their mobile device, the more they will use it to buy and use digital goods. Part of that means recognising that personal information is not a raw material waiting to be mined. It is part of a human being’s identity, and must be treated with due care and attention.
Despite the meteoric success of app stores like those of Apple and Google Play, we are all vulnerable to the shocks caused by a few perceived abuses of privacy. Negative news stories about app pioneers like Instagram, Facebook and Whatsapp affect the whole market and may well be a contributing factor as to why only a third of app users are now happy sharing their information.
MEF took this message to developers at this year’s AppsWorld expo in a panel featuring MEF Chair Andrew Bud Martin Fanning, a partner at international law firm Dentons, James Pimentel-Pinto, a founding director of leading UK developer AgencyMobile, and yours truly. You can watch the session in full below but here’s a summary of what was discussed.
Martin Fanning, Dentons: privacy is an opportunity for app developers as much as a risk.
Martin explained that the laws that govern data collection around the world are converging. Regardless of where you’re based and who you’re selling to, certain principles are certain to apply (soon, if not already). In a nutshell:
- You must be transparent – explain what data is collected and what it is used for.
- You need the user’s consent to collect data, or at least be able to demonstrate the user is aware of the situation.
- You must secure the data.
- Finally, you mustn’t keep hold of the data any longer than necessary.
And in Europe, rules are about to become tougher. The new Data Protection Regulation which will take effect in a couple of years is even more prescriptive in terms of what app owners and stores must do. There are also harsher penalties for companies that get it wrong.
Martin was at pains to point out, however, that developers can use the law as a differentiator. If you get privacy right you can set yourself apart in the marketplace. You can improve user experience and also collect a data set that is richer and therefore more valuable.
He referred to Microsoft’s strapline in a recent ad campaign: ‘your privacy is our priority’. An example of how big commercial players are exploiting this. Martin summarised: “It’s not about downside, it’s all about upside.”
James Pimentel-Pinto, AgencyMobile: AppPrivacy makes privacy easy for devs
The policy outputs as html. You just need to extract that, put it within your own coding environment and choose where you want it to sit within your app. AppPrivacy means you don’t have to think through a policy, then write and format it. This does it all for you.
First, Andrew carried out a quick straw poll of the developer audience:
- Two-thirds are collecting personal information.
- Around a half obtain consent to collect information (beyond the standard OS requirements)
- Two thirds are selling to a global audience.
1) Surely collecting data is a fundamentally dishonest business model? It affects the character of the society we live in.
Andrew replied that what MEF has learned from other business models is that the ultimate sin is to deceive people. Adults are allowed to choose to do things that you and I wouldn’t necessarily do, but they need to have made a conscious decision to do so. The developer needs to be transparent and to be able to demonstrate willing consent.
James agreed that in a democratic society you have to give consumers choice. It’s not up to us to dictate what people should and shouldn’t do with their personal information.
Martin pointed out that protections for individuals are getting stronger when companies are judged to have overstepped the mark.
2) By giving a simple, easy-to-digest policy are you not making yourself vulnerable to criticism? Surely a detailed long-form policy is more ‘fireproof’?
Andrew began by agreeing that there is a tension between being detailed and being clear. MEF is working at the point of this tension and our working group has made an ‘exquisitely-tuned judgement’ which resulted in AppPrivacy.
Martin recognised that lawyers do indeed love words. ‘We’re trained in a risk-averse way – to cover every loophole. But that’s not good enough in the context of transparency. This product really is best-practice.”
I reminded people that while AppPrivacy does not give you legal protection, it does help you demonstrate that you did everything practicable to help the consumer. And it’s highly unlikely that a regulator would go after a company that could show it had operated in good faith in this way.
3) What’s the opportunity presented by privacy?
James began by saying that the more simple you are with language, the more people respect your openness.
My take was that the upside is around brand. If you look at the most successful entrepreneurs, they are dynamic and innovative but they also want to build long-standing relationships with customers. What was it Warren Buffet once said to his staff? “You lose a million dollars I’ll forgive you. But if you damage my reputation, you’re out on your ear.” (I’ve paraphrased here). The point is: reputation is critically important to big brands. If you want to develop apps for them, or if you have ambitions to become one, it’s a lesson worth learning.
4) Does the policy generator take into account country-specific laws?
I replied that it’s not currently available in foreign languages and it’s not specifically tailored to individual markets right now. It’s a free product, and a global tool for developers looking to appeal to a global audience. But if there’s demand of course we’ll look at upgrading the tool.
Martin reiterated it’s not one size fits all, how can it be? There is no substitute for legal advice where it’s needed. It is, though, best practice – following the themes we’re seeing from US and Europe policy-makers.
5) What about 3rd parties? As soon as we implement SDKs we are inviting other companies to collect data and we don’t know what they’re doing with it.
6) How is this tool paid for if it’s free to the developer: is it sponsored?
Andrew replied that our members pay us fees so it’s an investment from our member-base. The reason our members are happy for us to do so is that we’re building trust in the market as a whole. If developers get this wrong, consumers will flee to a small number of massive, trusted brands and the rest of us will all lose out.
And, with that, we ran out of time which was a shame because I think both panellists and audience could have carried on for a while longer! We were thrilled to see so many developers taking an interest in privacy – it’s clear that it’s working its way up their list of priorities. This can only be a good thing, for both consumers and the app community.