The FTC’s interest in mobile applications is not surprising given that mobile privacy has been the focus of a number of recent Congressional hearings and press reports. However, it will be interesting to see what Section 5 claims the FTC will raise with respect to mobile apps. The FTC’s authority to adopt prescriptive rules under Section 5 is highly constrained. There is no rule under Section 5, for example, that a mobile app developer post a privacy privacy.
Instead, it is common for the FTC to issue informal guidance explaining what acts and practices it is likely to consider “deceptive” or “unfair.” While not legally binding, this informal guidance provides industry some indication of where the FTC’s Section 5 enforcement efforts are likely to be concentrated. Last December the Commission released a preliminary staff report that proposes a framework for businesses and policymakers to protect consumer privacy. In her speech to the ABA, Commissioner Brill referenced this preliminary report to support her claims that mobile app developers should develop simplified notices, icons, and layered notices to provide consumers information about the developer’s information handling practices.
However, building an enforcement action around this report may be problematic for at least two reasons. First, the report is still in draft form, and a final report is not expected until later this year. Second, the preliminary report stopped short of calling for legislation or prescriptive rules and remained generally supportive of self-regulation.