Steve ‘Woz’ Wozniak wasn’t the only draw at last month’s AppsWorld expo in London. More than 60 developers crammed into the Tech World workshop to hear about AppPrivacy – MEF’s free privacy policy generator. MEF Chair Andrew Bud hosted a panel including Martin Fanning, a partner at international law firm Dentons, James Pimentel-Pinto, a founding director of leading UK developer AgencyMobile, and MEF’s Senior Advisor for Policy & Initiatives, Simon Bates, who here summarises the session, which you can watch in full in the video below.

MEF has long championed the importance of building trust in mobile apps. The more confidence consumers have in their mobile device, the more they will use it to buy and use digital goods. Part of that means recognising that personal information is not a raw material waiting to be mined. It is part of a human being’s identity, and must be treated with due care and attention.

Despite the meteoric success of app stores like those of Apple and Google Play, we are all vulnerable to the shocks caused by a few perceived abuses of privacy. Negative news stories about app pioneers like Instagram, Facebook and Whatsapp affect the whole market and may well be a contributing factor as to why only a third of app users are now happy sharing their information.

At the same time, privacy can’t be every developer’s number one concern – it’s never going to trump time dedicated to monetising or improving the product. That’s why MEF created AppPrivacy, a free privacy policy generator that provides an app with best practice privacy in less than an hour.

MEF took this message to developers at this year’s AppsWorld expo in a panel featuring MEF Chair Andrew Bud Martin Fanning, a partner at international law firm Dentons, James Pimentel-Pinto, a founding director of leading UK developer AgencyMobile, and yours truly. You can watch the session in full below but here’s a summary of what was discussed.

Martin Fanning, Dentons: privacy is an opportunity for app developers as much as a risk.

Martin explained that the laws that govern data collection around the world are converging. Regardless of where you’re based and who you’re selling to, certain principles are certain to apply (soon, if not already). In a nutshell:

• You must be transparent – explain what data is collected and what it is used for.
• You need the user’s consent to collect data, or at least be able to demonstrate the user is aware of the situation.
• You must secure the data.
• Finally, you mustn’t keep hold of the data any longer than necessary.

And in Europe, rules are about to become tougher. The new Data Protection Regulation which will take effect in a couple of years is even more prescriptive in terms of what app owners and stores must do. There are also harsher penalties for companies that get it wrong.

Martin was at pains to point out, however, that developers can use the law as a differentiator. If you get privacy right you can set yourself apart in the marketplace. You can improve user experience and also collect a data set that is richer and therefore more valuable.

He referred to Microsoft’s strapline in a recent ad campaign: ‘your privacy is our priority’. An example of how big commercial players are exploiting this. Martin summarised: “It’s not about downside, it’s all about upside.”

James Pimentel-Pinto, AgencyMobile: AppPrivacy makes privacy easy for devs

James spoke of AgencyMobile’s early days building e-commerce sites when they had to get their head across privacy, security and data protection rules very quickly. They’re seeing a parallel now in the mobile apps world. Up until now you could copy and paste a privacy policy from somewhere else and change the odd word here and there. Not anymore.

AppPrivacy is a web-based tool that takes the hassle out of the process for developers. You’re not a lawyer, you don’t want to hire a lawyer. AppPrivacy gives you a pre-written, best practice privacy policy in just ten minutes or so. The tool is question-based with tool tips and drop down menus. All you have to do is explain what your app does with data.

The policy outputs as html. You just need to extract that, put it within your own coding environment and choose where you want it to sit within your app. AppPrivacy means you don’t have to think through a policy, then write and format it. This does it all for you.

You could just leave it there, or you can choose to customise it. It’s very flexible – no one privacy policy has to look the same.

James reiterated Martin’s point that this is an opportunity for developers. The whole point of this is that you actually want users to go through your privacy policy, demonstrate you have nothing to hide. Privacy is no longer the elephant in the room, it’s something that’s out in the open. 99% of users will be fine with what you’re doing and they’ll thank you for being honest.

[youtube=http://www.youtube.com/watch?v=aX7FdAgFRh0&rel=0]

.

Q&A Summary

First, Andrew carried out a quick straw poll of the developer audience:

• Two-thirds are collecting personal information.
• Around a half obtain consent to collect information (beyond the standard OS requirements)
• Two thirds are selling to a global audience.

1)  Surely collecting data is a fundamentally dishonest business model? It affects the character of the society we live in.

Andrew replied that what MEF has learned from other business models is that the ultimate sin is to deceive people. Adults are allowed to choose to do things that you and I wouldn’t necessarily do, but they need to have made a conscious decision to do so. The developer needs to be transparent and to be able to demonstrate willing consent.

James agreed that in a democratic society you have to give consumers choice. It’s not up to us to dictate what people should and shouldn’t do with their personal information.

Martin pointed out that protections for individuals are getting stronger when companies are judged to have overstepped the mark.

2) By giving a simple, easy-to-digest policy are you not making yourself vulnerable to criticism? Surely a detailed long-form policy is more ‘fireproof’?

Andrew began by agreeing that there is a tension between being detailed and being clear. MEF is working at the point of this tension and our working group has made an ‘exquisitely-tuned judgement’ which resulted in AppPrivacy.

Martin recognised that lawyers do indeed love words. ‘We’re trained in a risk-averse way – to cover every loophole. But that’s not good enough in the context of transparency. This product really is best-practice.”

I reminded people that while AppPrivacy does not give you legal protection, it does help you demonstrate that you did everything practicable to help the consumer. And it’s highly unlikely that a regulator would go after a company that could show it had operated in good faith in this way.

3) What’s the opportunity presented by privacy?

James began by saying that the more simple you are with language, the more people respect your openness.

My take was that the upside is around brand. If you look at the most successful entrepreneurs, they are dynamic and innovative but they also want to build long-standing relationships with customers. What was it Warren Buffet once said to his staff? “You lose a million dollars I’ll forgive you. But if you damage my reputation, you’re out on your ear.” (I’ve paraphrased here). The point is: reputation is critically important to big brands. If you want to develop apps for them, or if you have ambitions to become one, it’s a lesson worth learning.

4) Does the policy generator take into account country-specific laws?

I replied that it’s not currently available in foreign languages and it’s not specifically tailored to individual markets right now. It’s a free product, and a global tool for developers looking to appeal to a global audience. But if there’s demand of course we’ll look at upgrading the tool.

Martin reiterated it’s not one size fits all, how can it be? There is no substitute for legal advice where it’s needed. It is, though, best practice – following the themes we’re seeing from US and Europe policy-makers.

5) What about 3^rd parties? As soon as we implement SDKs we are inviting other companies to collect data and we don’t know what they’re doing with it.

I pointed out that part of this is about educating consumers that there are lots of different parties involved, each with their own roles and responsibilities. We point people to the ad network’s privacy policy and to Facebook’s and to whichever other companies are nominated by the developer.

6) How is this tool paid for if it’s free to the developer: is it sponsored?

Andrew replied that our members pay us fees so it’s an investment from our member-base. The reason our members are happy for us to do so is that we’re building trust in the market as a whole. If developers get this wrong, consumers will flee to a small number of massive, trusted brands and the rest of us will all lose out.

And, with that, we ran out of time which was a shame because I think both panellists and audience could have carried on for a while longer! We were thrilled to see so many developers taking an interest in privacy – it’s clear that it’s working its way up their list of priorities. This can only be a good thing, for both consumers and the app community.

Simon Bates is MEF’s Senior Advisor for Policy & Initiatives, you can contact him here. For more information about MEF’s App Privacy Tool, visit the website and try the service for free now.