Late last month two trade organizations issued “guidance” and a “code” of conduct for mobile applications. On July 24th, the Network Advertising Initiative (NAI) issued its 2013 Mobile Application Code, addressing data collection, cross-app advertising and ad delivery and reporting. On July 25th, the Digital Advertising Alliance (DAA) issued guidance on giving consumers the ability to “see and exercise control over the use of cross-app, personal directory, and precise location data in mobile apps.” Both the Code and the guidelines are voluntary. Many people are surprised to learn how little government regulation there is in these areas in the U.S.
Apart from the business reasons, there are good legal reasons for application providers to pay attention to what is often broadly referred to as “privacy and data security,” particularly if they are handling money or financial data. Costly or high-profile privacy or security breaches attract the attention of government regulators and class action plaintiffs’ lawyers, who may try to shoehorn perceived bad acts or omissions in cyberspace into traditional regulations and tort theories. An investigation or lawsuit can be costly and damage a reputation irreparably, even if the defense prevails. Agreement and adherence to a recognized standard, even a voluntary one, may provide a defense. But the key qualifier is “adherence.” Most companies that have faced liability for data and privacy breaches did so because they adopted or published a standard and then failed to meet it. Whether you opt in to NAI, DAA, another standard, or draft your own policies, it is essential that you adhere to them. A standard that is ignored could lead to greater liability than no standard at all.
Finally, extensive and complex rules—not addressed here—apply to activities of common carriers regulated by the FCC and their agents and affiliates. We can advise you on FCC regulations if you fall under them.
LNGS contact: Brooks Harlow (firstname.lastname@example.org)