Monday, 28 May 2012

App privacy, app contracts, apps legal issues

Apps legal Challenges Conference

I spoke on the closing panel at the apps: legal challenges conference on 24th May, and promised an update so here it is, along with another interesting development as reported by one of my two must read columnists over at wired on apps privacy.
Clueful: An app that tells you what some apps my be hiding...

App data privacy issues

I approach this subject with great interest, as, having spent tens of millions of pounds of other people's budget on 1000's of apps over the last 5+ years, the legal side has always fascinated me: My first encounter of the nitty gritty of this was doing th Nokia festival guides, in association with another 3rd party event organiser, multiple agents, agencies and 3rd party developers it could have been a quagmire. The key, I am not ashamed to add, was me: not for any other reason that I was then the "mobile director" in charge of pulling all elements together, from development to legal, to developers, to agencies, approving the technical and other content of press releases, software releases and even the promotional and other text messages meant that these nasties, like privacy issues, were spotted before they went out of the door.

What is the mobile app privacy issue?

As apps have become more common place, they have been treated more and more as just the same old digital, like the internet but on the mobile, which is right, legally they are, however technically they are not, and while you can visit internet privacy law every so often (every supplier change usually!) mobile is more fluid, and things like the Path (and others) talking data from devices and on happens, and I have seen it do so for the following reasons which make mobile different:
  1. somebody says: "we need to be on these devices by x day" the developers say we cannot because... the report goes back to somebody who cannot be bothered or to be fair is too busy to get their hands dirty as they not just "mobile director" but also "digital director", "innovation director" "all things shiny-and-new director" :) and so he says "make it happen. in this situation good people will usually do what is best from either, a) a timescale point of view, b) a technical point of view,  or c) a user experience point of view, almost always in that order. In the case of Path et al, taking complex user details from the battery, memory, connectivity and CPU constrained handset and putting it in the ever more powerful cloud made technical, time and even User Experience (UE) based sense - this was an all round better experience, however... nobody in legal would have been, nor have a process to be consulted.
  2. lawyers who are consulted very rightly point out these issues and so are either a) not consulted or b) somebody goes over their head and says "make it happen" in which case the lawyer has his options covered (there is a more common term I shall refrain from using). Really, in-house technical staff are usually allowed the luxury of external specialist help for issues mobile, that is what I do for a living, so why are in-house of even external legal not allowed that luxury: you chose your in-house or external legal to cover your core business, its quite reasonable to assume that you or they may benefit from some specialist help as well
  3. The whole process is almost entirely outsourced to 3rd party developers so internal people really do not know even what code that the developer is using could even be accessing other client's data, etc...

Why Mobile App privacy issues arise

In all these cases, no single person, or even team, has full end to end ownership of mobile, or if they do they seldom have the time to keep themselves up to speed with all the developments in legal, technical and more,  as they are often wearing some other digital / technical / legal hats ... and so, there is no "mobile director" who takes responsibility for the end to end process.

A big part of this is that, while mobile is now surpassing web in terms of access even on key social network sites, the team size in any organisation no where near reflects this, and indeed in many parts of the industry (mobile advertising for example) many players are still just relatively dabbling in mobile.

A second part is that, just like companies who provide our services cannot keep up, neither can we the consumers, and we are just dabbling in mobile security most of the time: it's all well and good that we get a bit upset at Path and others for taking our data (or did we, really??? TBH I think my data is probably safer on Path's server, assuming its saved in a PCI compliant way, that it is on my own phone where its impossible for all the data to not be associated with me the user...) we did not mind the better user experience and it probably was in the T&Cs... somewhere: Yes I am talking to you, and me, the iphone user who has never read the 64 pages of T&Cs that apple throw at us every few weeks, the app user on any platform who does not read even the APIs and app wants if we want it badly enough, and so on...
Clueful UE: wot no "privacy" page :)

Avoid & be aware of app privacy issues

So in the meantime, the best we can all have is an app that we may uses every so often to have a peek and see that we are all ship shape, like clueful. Essentially, like now a spyware detector has surpassed the need for an antivirus for the tech savvy, an app (for end users) and a policy for app providers and an app store owners and even mobile operators is probably the safest way forward. Spybot mobile operator edition anyone?

If you like this article, please like us or +1 on Google+ or or tweet, retweet etc, follow me on twitter or whatever social means of showing appreciation takes your fancy... yes, even like me on the fancy if you so wish :)

If you want to discuss issues around privacy, legal issues surrounding apps and app stores (I can only point out issues I have come across, cannot offer legal advice!) of just the trials and tribulations of enabling mobile for your company then use the contactify button above right

No comments:

Post a Comment