The US National Telecommunications and Information Administration (NTIA), part of the Commerce Department, has released a privacy code of conduct for mobile apps, reports The Verge.

Note that it is a code of conduct and is not enforced by any law. It states that app developers and publishers who adopt the privacy code of conduct should display a short form notice with the details outlined below, irrespective of whether a consumer knows that the data is being collected. It also covers access to a long form privacy policy if it exists and the sharing of user-specific data with third party apps, among others. The short form privacy policy should provide information on:

A. For the data collected
The short form notice shall state which of the following data categories the app collects:

– Biometrics (information about your body, including fingerprints, facial recognition, signatures and/or voice print.)
– Browser History (a list of websites visited)
– Phone or Text Log (a list of the calls or texts made or received)
– Contacts (including list of contacts, social networking connections or their phone numbers, postal, email and text addresses)
– Financial Info (includes credit, bank and consumer-specific financial information such as transaction data.)
– Health, Medical or Therapy Info (including health claims and other information used to measure health or wellness)
– Location (precise past or current location of where a user has gone)
– User Files (files stored on the device that contain your content, such as calendar, photos, text, or video)

B. For the data shared

The short form notice shall state whether the app shares user-specific data with any category of third-party entity that falls within any of the following categories:
– Ad Networks (Companies that display ads to you through apps.)
– Carriers (Companies that provide mobile connections.)
– Consumer data resellers (Companies that sell consumer information to other companies for multiple purposes including offering products and services)
– Data analytics providers (Companies that collect and analyze your data)
– Government entities (Any sharing with the government except where required by law or expressly permitted in an emergency)
– Operating Systems and Platforms (Software companies that power your device, app stores, and companies that provide common tools and information for apps about app consumers)
– Other Apps (Other apps of companies that the consumer may not have a relationship with)
– Social Networks (Companies that connect individuals around common interests and facilitate sharing)

Besides the short form privacy policy, app developers are also asked to provide consumers with access to the participating app's data usage policy, terms of use or long form privacy policy.

This privacy code of conduct does not apply in India; however, we feel that the Indian government needs to implement something like this in India as well. With increasing smartphone penetration in the country, it has become important that consumers are informed about the kind of data that is collected from their smartphones. A mobile phone is a device that is with someone 24×7, and the latest smartphones are capable of collecting information such as accurate location details, fingerprint details and photos, among others.

Sometimes one does not want to give mobile app developers access to this kind of information. The usability of such data is questionable and differs from person to person. For example, Google Now, the smart engine app from Google, is able to accurately predict my home location based on the GPS coordinates and the time I spend at the location. This kind of smart prediction can creep out some people; it sure did for me in the beginning.

Currently, while an app is being installed on an Android handset, developers have to inform users about what the app can access or do, such as modifying storage, modifying system tools, collecting location data and using services that cost you money, among others. However, significant information that a user needs to know about the data collected is not being disclosed, such as ads being targeted based on the carrier that I am using. A significant amount of personally identifiable data can be gathered just through access to the mobile carrier and phone.

That said, since India does not have a privacy law in place, the information collected from apps could easily be misused by the app developers. Hence it is important that consumers are educated on what personal data is collected and how the developers plan to use it.