Consumer Rights Groups Take Issue With NTIA Code of Conduct for Mobile App Data Collection

On Friday, we learned that the mobile industry has developed a short-form notice for mobile apps that tells users if the app is collecting their data and in what areas (i.e., phone call and text logs, location data, and so on) that would appear before app download begins. The program is currently voluntary and being tested, and although on the surface it seems like a step forward for consumer protection, some industry consumer rights groups are opposed to it.

Jeffrey Chester of the Center for Digital Democracy (CDD) told us that, with respect to all the work that the industry put into the plan, he doesn’t believe the new code of conduct will actually do much for consumers. “The process ignored the actual mobile app business practices, and refused to engage in the testing that's required,” he said. “Words on a small screen--even if better than long and hard to find privacy policies--doesn't mean anything unless we know it tells users: one, what data is actually collected and how it is to be used, and two, whether they will see it in the first place.”

The CDD points to the fact that the code is full of potential loopholes, has a vague definition, and it doesn’t make a lot of sense for industry players to get in line with the program when their fundamental “data maximization” business model would be threatened by it.

NTIA, part of the U.S. Chamber of Commerce
U.S. Chamber of Commerce, parent of the NTIA

The Consumer Federation of America (CFA) agrees with the CDD, and further noted in a statement that: “Most disturbingly, while the code calls for mobile app developers to disclose whether users’ data will be shared with certain types of third parties, such as social networks and ad networks, no disclosure is required when the data is shared with the very same types of entities if they are part of the same corporate structure as the app developer.” The CFA further argues that the process itself was flawed by not having clear procedure and end goals, and crucial terms such as “user data” were never clearly defined.

Yet another group, Consumer Watchdog, points out the sloppiness with which support for the code was garnered. It says that participants were polled in a meeting and presented with muddled options--they could “endorse” the code, “support” the code, ask for “further consideration”, or “object” to it. However, supporting the code required nothing in terms of obligation to adhere to it.

If the picture these groups are painting is correct, the NTIA led an effort to enhance transparency and protect consumer rights that devolved into a toothless, confusing-at-best, fox-in-the-henhouse voluntary program with no requirements for participation nor consequences for failing to adhere to guidelines instead of real legislation.

Essentially what these groups are saying is that the industry voted itself a PR win instead of doing anything to protect consumers.