Mobile Apps Briefing talks to Pat Walshe, director of Privacy at the GSMA, about the organisation’s work in the app privacy space.

Is privacy something that app users are becoming more concerned about?
Yes. Recent research shows that consumers are increasingly concerned about their privacy when using mobile applications. Much of this concern stems from secondary uses of data that are not obvious to individuals or over access to data that is just not necessary to the application. For example, why does a ‘torch’ app need to know or collect the location of the device?

What we are hearing is that consumers want clear and simple notice about an application’s use of their information in addition to simple mechanisms for expressing preference over secondary uses of their information.  Getting this right is tricky. While consumers want to know and want choice – they want these in ways that don’t intrude on the ‘customer experience’ or which doesn’t destroy their battery life!

Has the app developer community so far failed to protect user privacy?
I wouldn’t say developers have ‘failed’ but something in the ecosystem is failing if consumers and regulators are increasingly concerned about mobile ‘app privacy’ as is evidenced by current headlines.  What’s important is that all those involved in developing and providing apps understand that ‘privacy matters’ and that it needs to be designed in from the outset. Currently privacy is not considered consistently across the OS and application platforms. This does little to ensure consumers can enjoy consistent privacy experiences in ways that help them to become aware of the privacy implications of apps and how they can manage their privacy.  

There is a need for a range of key stakeholders to agree on baseline standards to ensure consumers can have confidence and trust. When users feel their privacy is respected and protected, they are most likely to engage with an app.  We need to help app developers understand why privacy matters and the basics of what needs to be done.

What key advice would you give developers with regard to privacy issues?
Understand that ‘privacy matters’ to consumers and you have a responsibility to ensure your customers can make informed decisions about downloading and using an app. They’ll respect you for it and are more likely to engage with you and your company.

In a nutshell, keep it simple and as a minimum, provide users with a short notice about who you are and what your app permissions mean by explaining:
• what personal information a mobile application may access, collect and use where this isn’t obvious.   
• what the information will be used for (especially non-obvious secondary uses such as profiling for in app marketing or tracking location)
• how users may exercise choice and control over their information (tell them what privacy settings are available for example or how to enable or disable location tracking)
•  who to contact if things go wrong

As reported by the BBC, even Google’s Chairman, Eric Schmidt, recently acknowledged that Android permissions are difficult for consumers to understand and that Google intends to simplify these so people can control their data. This is very welcome news indeed.

What is the main intention of the GSMA privacy guidelines?
To ensure privacy is considered from the outset and designed in, to help improve the privacy experiences of mobile consumers across the world. Privacy is local and global – while app developers and app stores are often based in countries different to that of the consumer, a consumer’s privacy interests (expectations, needs, wants, concerns) transcend geographic boundaries. Consumers expect and deserve the consistent treatment of their app privacy wherever they engage with apps and wherever a developer or app store or app platform may be located.

Our overall initiative seeks to establish a global framework of universal privacy principles. We adopt a ‘Privacy by Design’ approach to help provide consumers with mobile friendly ways to help them better understand how their personal information is used and to provide them with simple mechanisms to exercise choice and control.  It’s much more than just providing transparency and choice, it’s also about educating consumers, it’s about only collecting and keeping the minimum information necessary and keeping that information safe and secure. It’s about putting the consumer at the heart of this process.

What kinds of organisations has the GSMA had contact with already, and what has the feedback been?
We have been reaching out to a wide variety of stakeholders including device manufacturers, app developers, app stores, social network companies, internet players, advocacy and consumer interest organisations, other trade bodies and regulators. It’s important to consider this as a long ‘conversation’ on privacy that will need the collaboration and commitment of key stakeholders to succeed.

App developers tell us they want the industry to help them understand privacy. They want consistency in approaches and standards. They want to help consumers and to get it right. But they need our (collective ecosystem) help.

Some global internet players have welcomed the initiative and congratulated us on achieving an important milestone by publishing the draft guidelines. 

What makes the GSMA the right organisation for app developers to work with?
I don’t think there’s any single organisation that can do this. We see our role as facilitating dialogue and working with key stakeholders in the interests of establishing best practice and strengthening the confidence and trust of consumers. If app privacy concerns continue to increase then confidence and trust will decrease and do little to drive the app economy and the innovation that provides such rich and wonderful experiences we currently enjoy.

Why the GSMA? We are global and our membership represents the interests of over 5 billion mobile consumers. We have a lot of experience and expertise in establishing self-regulatory measures to help protect consumers and have taken a leadership role on app privacy.

Tell us what you think at http://privacytalk.gsmworld.com/

 

Steve Costello