FTC, Path settlement shows online privacy goes beyond the policy
By Hayley Tsukayama
Much of the conversation about online and mobile privacy focuses on using clear language, but Web and app developers may also want to mind the p’s and q’s of good graphic design to stay out of hot water.
Instead, he noted, Path’s privacy problems lay in a design flaw.
Last February, developer Arun Thampi noted that Path’s app on Apple’s iOS platform was automatically collecting contact information when it was downloaded, so it could let users know which of their friends might also be on the network. The app contained an option to “Add Friends,” but Thampi noted that Path’s app was already collecting the information before users hit that prompt.
Path CEO Dave Morin later apologized to users, saying that the way it designed the feature was “wrong.” On Friday, the company agreed to submit to privacy audits for the next 20 years and to pay $800,000 in fines to settle charges it improperly collected data from adults and children under the age of 13.
Polonetsky said it’s notable that the FTC cited this as a user interface issue in its complaint.
That focus on clear design and timing in apps also popped up frequently in the mobile privacy guidelines the FTC released Friday, which suggested app developers design icons or “just-in-time” notifications that make it clear and obvious when users are sharing personal information.
There has been a lot of debate over how developers should display their privacy policies and guidelines in an effort to be transparent with consumers, both on the Web and in apps.
The advertising industry already uses icons as a sort of visual shorthand to send Web browsers a signal about when and where they can find more information on behavioral advertising. Other companies, such as the social infrastructure firm Gigya — for which Polonetsky is an adviser — offer visual indications that consumer registration data is in safe hands.
Gigya provides Web sites with log-in, registration and social tools, for example letting Web sites use social media log-in information in lieu of making new accounts on a given site. It also runs a program called SocialPrivacy certification, which requires participants to promise not to sell information, spam users or post and message users without permission.
Program participants display a seal on their Web sites that can serve as an at-a-glance guarantee of those policies.
Polonetsky said he thinks the FTC’s focus on visual design adds another dimension to efforts to have Web and app programmers consider privacy from the first stages of development.
The mobile industry and others have debated whether icons, particularly if they’re not standardized across the industry, really tell users anything. But Gigya has found that consumers do respond to icons if they are properly explained.
Without notifications or icons, Gigya found that 63 percent of consumers it surveyed believed that using social log-in information meant businesses would also sell their social profile data.
But 37 percent of the consumers surveyed said that a badge from a third-party organization would make them more comfortable logging in with social information. That percentage jumps to 49 percent when sites add a “short, clear message” explaining how data is collected.
“Having that transparency in a no-nonsense way is a much better way for businesses to use it and to have people use the technology,” said Victor White, Gigya’s marketing manager.