By David Menken
The explosive growth of social media sites and mobile applications has been accompanied by an equally explosive growth in the volume of personal information disclosed by users, most of whom are not clued in as to how their information is being used. Our computers and smartphones record what we search, where we go, what we buy, who we like, and who our friends like.
Take the iPhone app “Girls Around Me,” recently pulled off the market by its Russian-based developer i-Free Innovations after concerns arose about stalking. The app, according to its developer, “scans your surroundings and helps you find out where girls or guys are hanging out…. This foursquare-based tool helps you see where nearby girls are checking in, and shows you what they look like and how to get in touch!”
Unknown to them, people who permitted Foursquare to log in their whereabouts were also disclosing their Facebook pages and, as a result, their names, profiles, photos and friends. That seemed like an invasion of privacy to many, especially since there was no disclosure that personally identifiable information was being collected, stored and disseminated.
Where privacy is concerned, social media and app developers are increasingly coming under the watchful eye and regulatory control of federal and state governments, as three recent events indicate.
MySpace case
Recently the social networking service MySpace agreed to settle Federal Trade Commission charges that it misrepresented its protection of users’ personal information. The settlement is quite severe, and is indicative of the U.S. government’s ongoing and increasing efforts to make sure that companies live up to the privacy promises they make to consumers.
Under the settlement, MySpace must implement a comprehensive privacy program, submit to regular, independent privacy assessments for 20 years, and refrain from making future privacy misrepresentations. A violation of the settlement could cost it millions in penalties.
MySpace has millions of users who create substantial online profiles. The company’s privacy policy promised that it would not share the information provided by users without first giving notice, and promised that the information used to customize ads would not individually identify users to third parties. Yet MySpace did in fact share users’ private information.
Privacy bill of rights
The MySpace settlement follows a White House announcement of a proposed Privacy Bill of Rights, released as part of a white paper, “Consumer Data Privacy in a Networked World.” The bill of rights declares that consumers have the right to control the data that is collected about them and proposes to give them more control over how information about them is collected, stored, disclosed and corrected. It has seven principles, all of which are essentially already in place in the European Union.
The Obama administration’s intent is to enact a comprehensive personal privacy policy that applies to all consumer transactions, not only those regulated pursuant to the U.S.’s current sector-based approach. In the U.S., we regulate privacy in specific sectors, such as health care, financial services, communications, and the collection of data from children.
According to President Obama, “These rights give consumers clear guidance on what they should expect from those who handle personal information, and set expectations for companies that use personal data.”
California takes the lead
Not too surprisingly, California leads the rest of the country in protecting privacy. And when companies agree to California’s standards, they generally apply the standards to all of their users, and so consumers in the rest of the country benefit.
Such was the case this past February, when California Atty. General Kamala Harris reached a voluntary agreement with Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion – collectors of big data – to strengthen privacy protections for smartphone owners who download mobile applications.
The agreement specifically applies to California, but it will benefit users everywhere. It requires developers collecting personal information on California residents to post conspicuous privacy policies that detail what personal information they will collect and how they will use and share it.
Consistent rules clear the way
Consistent, albeit tougher, rules make it easier for developers to build social media sites and apps that comply with new regulatory requirements.
“I’m very happy about it,” D.K. Smith, CEO of WPinHouse.com, a WordPress consulting and training site, said of uniform standards for collection and disclosure of personally identifiable information. “It makes it easier for me to get my clients to understand they must have privacy policies and terms and conditions, and what disclosures they have to make.” According to Smith, disclosure, control, and transparency are good for business, and clearly defined rules that everyone must comply with level the playing field.
In this digital age people are revealing great amounts of sensitive information about themselves to third parties in the course of carrying out daily tasks. As Chief Judge Lippman of the New York Court of Appeals wrote in 2009, in People v. Weaver, regarding surreptitious GPS tracking by police: “What the technology yields and records with breathtaking quality and quantity is a highly detailed profile, not simply of where we go, but by easy inference, of our associations—political, religious, amicable and amorous, to name only a few—and of the pattern of our professional and avocational pursuits.”
David Menken is an intellectual property attorney at McCarthy Fingar L.L.P. in White Plains. He can be reached at dmenken@mcarthyfingar.com.