Privacy Update in a Data-Driven World

How do you collect, use, share, and/or retain personal information? Most app stores require a privacy policy from developers. But as developers and platform providers find new ways to make use of user data for product features, adaptive instruction, or new services; the questions surrounding a user’s privacy becomes more acute.

Privacy_feel like you're being watchedThere have been “advances” in the US this past year that may figure in a learning technology supplier’s privacy protection plans.(Reminder: This is a blog, not a legal brief.) Two worth mentioning in particular were issued to protect consumers of mobile apps and children using online products.

 

California’s Guidelines “On the Go”

To borrow from Johnny Depp in the “Pirates of the Caribbean,” the AG’s guidelines are just that – guidelines – not legal rules or even government-inspired, enforceable online privacy “codes of conduct” such as those the National Telecommunications and Information Administration (NTLA) was working on. Basically, the California guidelines reinforce the FTC’s “privacy by design” approach and the Organization for Economic Development’s (OECD) “Fair Information Practice Principles,” (FIPPs) with a couple of new twists.

What was new in the guidelines is that the recommendation to encrypt transmissions of PII (personally identifiable information) includes apps downloaded or used. Second, the guidelines introduce a new term “surprise minimization,” meaning to “minimize surprises to users from unexpected privacy practices,” such as not collecting data that goes beyond an app’s basic functionality, providing a downloadable privacy policy, and providing “enhanced measures” that alert users to and give them control over data not required for functionality or include sensitive information.

FTC’s Expanded Definitions to Protect Children

Of interest to developers and platform-makers who focus on Mobile Learning products for children–and particularly, but not exclusively, Location-based Learning products or services–are the revised rules the US Federal Trade Commission (FTC) issued for the Children’s Online Privacy Protection Act (COPPA) that went into effect in July of this year.

PRIVACY-06kids-web-articleLarge_NYT_JuliaYellowFTC’s new amendments expanded the definition of personal information to include persistent identifiers, geo-location information, photos, and videos. In addition, the rules require websites or online services to obtain parental consent before they can use, collect, or disclose a child’s (under 13) personal information.

The loophole the FTC intended to close is the practice of providing children’s information to third parties for advertising purposes.

KidzPrivacy_FTC

Advertisements
%d bloggers like this: