The Draft NTIA Mobile App Code of Conduct – Pretty Close to Useless

After more than a year of “stakeholder” discussions, the National Telecommunications and Information Agency released a final draft Short Form Notice Code of Conduct to Promote Transparency in Mobile App Practices.

Let’s talk about what’s wrong with it.

We have to start with the irony that the title of the Short Form draft is 13 words long. 

While we’re on drafting issues, consider this sentence from the NTIA draft:

With regard to the collection by the app of data listed in II. A or the sharing of data with any category of third party listed in II.B, the short form notice need not disclose the collection or sharing if the entity providing the notice does not affirmatively authorize such collection or sharing and does not have actual knowledge of, or deliberately avoid obtaining actual knowledge of, such collection or sharing before it occurs.

That’s 74 words in one sentence – a sentence about notices that are supposed to be “… easy for consumers to read and understand.”

Not short and not clear.  That’s two ironies in one sentence.

Of course the substance of the NTIA draft is the most important thing about it. 

Unfortunately it’s also the most disappointing thing about it. 

The NTIA draft addresses enhanced transparency, but not enhanced individual choice or control. 

Consider this from a previous post here:

My mobile device gives me three choices if I want to use a location service:

Verizon Wireless

 By selecting “VZW location services”, you are enabling Verizon Wireless and third party authenticated and validated location services to access certain location information available through this device and/or the network.

Google Location Services

Allow Google’s location service to collect anonymous location data.  Some data may be stored on your device.  Collection may occur even when no apps are running.

Standalone GPS Services

By selecting “Standalone GPS services”, you are enabling access to all location information by any third party through web access or any software or peripheral components you chose to install, download, add or attach to the device or any other means.  Enabling this functionality could pose certain risks to users of this device.

My choice is to take it or leave it. 

The American Civil Liberties Union seems to be optimistic that the clarity called for in the NTIA draft will bring choice.  They say:

“The American Civil Liberties Union supports this code as a modest but important step forward for consumer privacy. It allows applications to compete on privacy and gives consumers a tool to pick the most privacy friendly applications,” said Christopher Calabrese, legislative counsel at the ACLU’s Washington Legislative Office.

I hope they’re right.  They might be.  There are now some search engine choices you can make based on privacy. 

For example: 

However, it is hard to be optimistic when the stakeholders themselves haven’t actually committed to adopting the practices that they worked for months to define.

This is explained well by Consumer Watchdog:

NTIA formally polled participants about the proposed code during Thursday’s meeting.  They were asked if they “endorsed” the code, “supported” the code, or wanted “further consideration” or “objected.”  Endorsement means a company is saying they “support the finalization of the code and intend to adopt the code once they have developed and tested a compliant mobile short-form disclosure,” NTIA said.

However, under NTIA’s guidelines expressing “support” carries no obligation. “Supporters are not making any representation that they will adopt the code or recommend adoption to their members,” NTIA said.

“This is absurd Orwellian doublespeak,” said John M. Simpson, Consumer Watchdog’s Privacy Project Director.  “A company can put out a press release saying it supports the Transparency Code, boosting its public image and then do absolutely nothing.”

Two participants said they endorsed the code, 20 supported it, 17 voted for further consideration and one objected.

You can find more about the drafting process and the participants here.

One last thing.

How many governmental entities have to be involved with this stuff?  The National Telecommunications and Information Agency, the Federal Trade Commission and every state attorney general?

Who’s else?

This entry was posted in Big Data, Privacy, Regulation and tagged , , , , . Bookmark the permalink.