The Federal Trade Commission has released a guide, Marketing Your Mobile App: Get It Right from the Start, to help mobile application developers comply with truth-in-advertising standards and privacy principles. Although the guide is informal and not binding guidance, it does represent helpful FTC commentary. The guide notes that a one-size-fits-all approach is not workable since all applications are different, but it provides general guidelines for developers to follow:

Truth-in-Advertising Standards

  • Tell the truth about what the application can do.  The guide directs developers to consider their product from the perspective of average users and not software engineers or application experts.  If the developer makes objective claims about the application, the developer must have solid proof to support the claims.
  • Disclose key information clearly and conspicuously.  Developers must provide key disclosures in a manner that is “big enough and clear enough that users actually notice them and understand what they say.” 

Privacy Principles

  • Build privacy considerations into the application from the start.  In selecting the default settings for an application, developers should incorporate privacy protections into their practices, limit the information collected, securely store information collected, and safely dispose of information no longer needed. 
  • Be transparent about data practices.  Developers should explain what information the application collects from users or their devices and how the information is used.
  • Offer choices that are easy to find and easy to use.  Developers should give users tools that offer choices in how to use the application, such as privacy settings, opt-outs, or other ways for users to control how their personal information is collected and used. 
  • Honor privacy promises.  Developers must adhere to assurances made to users in privacy policies and obtain users’ affirmative consent for any material changes to privacy practices.  
  • Protect kids’ privacy.  Applications that are designed for children or that collect information from children may be subject to additional requirements under the Children’s Online Privacy Protection Act (COPPA). 
  • Collect sensitive information only with consent.  Developers should obtain users’ affirmative consent before collecting any sensitive data, such as medical, financial, or precise geolocation information. 
  • Keep user data secure.  Developers must take reasonable steps to keep sensitive data secure and adhere to data security promises made to users.
Mike Nonaka

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and applications matters for banks and other financial institutions, the development of partnerships and platforms to provide innovative financial products and services, and a broad range of compliance areas such as anti-money laundering, financial privacy, cybersecurity, and consumer protection. He also works closely with banks and their directors and senior leadership teams on sensitive supervisory and strategic matters.

Mike plays an active role in the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as bitcoin and other cryptocurrencies, blockchain, big data, cloud computing, same day payments, and online lending. He has assisted numerous banks and fintech companies with the launch of innovative deposit and loan products, technology services, and cryptocurrency-related products and services.

Mike has advised a number of clients on compliance with TILA, ECOA, TISA, HMDA, FCRA, EFTA, GLBA, FDCPA, CRA, BSA, USA PATRIOT Act, FTC Act, Reg. K, Reg. O, Reg. W, Reg. Y, state money transmitter laws, state licensed lender laws, state unclaimed property laws, state prepaid access laws, and other federal and state laws and regulations.