This was not a good week for groups trying to hammer out voluntary privacy policies.
A government-hosted multistakeholder group came close Thursday, but stopped short of agreeing on a voluntary code of conduct for how apps communicate to consumers which data they collect and share.
Originally convened a year ago by the Commerce Department at the urging of the White House, the group consisted of stakeholders across the app ecosystem—from consumer and privacy advocates to app developers, publishers and advertisers.
The group was charged with looking at the data-collection practices of mobile apps and developing a voluntary privacy code. Over scores of meetings, they focused on developing a brief notice telling consumers what personal information an app collected and whether that data was shared with third parties.
Many expected that at the conclusion of Thursday's four-hour meeting, the group would agree upon a final code to be tested, but the vote on the six-page document was difficult to interpret. Only two participants endorsed the code, meaning they intended to adopt it after testing. Another 20 groups, including the American Civil Liberties Union, the World Privacy Forum and the Electronic Frontier Foundation, supported it, but the vote carried no obligation for recommending or adopting the code. Seventeen participants voted for more consideration, and one objected.
The App Developers Allliance, which worked diligently on the final document code, saw the vote as a move forward. "Today's agreement that the model notices are ready for introduction and consumer testing is a win for both consumers and app developers," said Jon Potter, president of the ADA.
Just as many saw the vote as evidence that more needed to be worked out.
"Several in the room, the so-called drafters, tried to declare consensus and broad industry support and could not get their desired result. This should not be viewed as failure, but just highlights the need to keep our heads down and keep working at it. It is not a consensus and not done," said Stu Ingis, the Venable partner who represented the Direct Marketing Association in the process.
Others, particularly the privacy and consumer groups, were less kind and expressed the feeling they had been outgunned by the industry throughout the process.
"The NTIA [the Commerce agency that ran the group] should be nominated to run elections for the Kremlin," said Jeff Chester, executive director of the Center for Digital Democracy, who abstained and still has issues with the code. "They went from 'There's no consensus' to 'There is consensus that the document is final for now but can be changed in part based on testing.'"
John Simpson, Consumer Watchdog's privacy project director, called the vote options "Orwellian doublespeak," adding that the multistakeholder process just didn't work. "The first effort was supposed to be the simplest: a transparency code for mobile apps," he said. "That morphed into short-form transparency notices that, at best, provide marginal improvements in privacy protection that companies can say they support but will be allowed to ignore."