Notable recommendations in the 23-page report include app developers limiting data collection and retention, avoiding using global device identifiers that could be correlated across apps, using encryption to handle data, limiting access to users’ personal data by employees and designating an employee to occasionally review an app’s privacy practices to ensure that the policy remains up to date. Most of these recommendations are for mobile app developers, but there are some recommendations for other types of companies like app stores, advertising networks and wireless networks.
The state also asks for making privacy policies easier to read and understand. One solution the report suggests is presenting privacy information in format like “grid or ‘nutrition label for privacy’ format that displays your privacy practices by data type.'”
Assistant Attorney General Travis Leblanc told Ars Technica that the state plans to follow up on the report with training sessions in the spring, targeting smaller developers that don’t have the budget to hire full-time privacy experts to scribe privacy policies. Le Blanc added that the state expected to file another lawsuit in the next month or two against a mobile app developer that had failed to comply with OPPA’s conspicuous privacy polly requirements.
The Association for Competitive Technology executive director, and founder of ACT 4 Apps, Morgan Reed spoke out in support of these efforts.
“ACT appreciates the Attorney General’s ongoing efforts to improve app privacy awareness, said Reed, in a statement. We are encouraged by the AG’s emphasis on non-legislative efforts, like developer and consumer education to improve the mobile ecosystem. The introduction of the ACT 4 Apps Initiative will expand ACT’s efforts to raise developer awareness and engagement in app privacy and data transparency. Development of best practices is essential to support continued innovation and growth in the app marketplace.”
ACT, the advocacy and educational organization, introduced App Privacy Icons in October 2012 in an effort to provide consumers and developers with information regarding privacy settings and features of apps.