Developers have a responsibility for consumer privacy in the application space, whether it's an app on a social network, mobile platform, desktop device, or browser.
An application is software with limits – limits on the app’s function or its environment.
So the question regarding data privacy is, what can an app do? Or, rather, can an app do that?
The Middle Ground Between Open App Development Platforms and Closed App Development Platforms
Application platforms need to find a middle ground between “closed” and “open” to avoid stifling innovation.
We’ve seen an explosion in application development in the last two years – most prominently on the iPhone and Facebook app platforms.
The iPhone’s App Store now has over 200,000 mobile apps, and Facebook has over 700,000 apps users can install.
In both cases, the vast majority of these apps are developed by third parties.
Fierce competition has produced incredible innovations in functionality.
Tim Sparapani, Facebook’s Director of Privacy Policy, recounted how he had watched a live broadcast of a World Cup game using an application on his phone, all while waiting in an airport security line.
Consumers can reap great benefits from app platforms that foster data interconnectivity and openness.
For example, Microsoft’s personal health information platform, HealthVault, has the benefit of allowing third parties to access user information (provided control exists at the platform and user level).
Scriban pointed out that HealthVault users who grant the TrialX App access to their demographic information and bits of their personal health information can receive alerts about clinical trials in their area that might need them.
Third-Party Application Privacy Enforcement & Quality Control Issues
Privacy enforcement and quality control on third-party apps are a necessary but difficult task, complicated by the following issues:
Data accountability and ownership are now fluid
Where in the past app data typically resided on the hard drive of the user’s device, it now often resides in the cloud. Think Microsoft Office vs. Google Docs.
In the cloud, information can be shared, copied (and breached) far more easily, and tracking and controlling the flow of and access to data becomes increasingly difficult as these connections proliferate.
Privacy vetting at the code level alone is an insufficient check
Ian Glazer, Senior Analyst of Identity and Privacy Strategies, Burton Group, noted that there’s often no difference on a coding level between virtuous code and a scam.
Like technology, code itself isn’t good or bad. It’s how people use it for good or bad that matters.
With today’s rapid pace of innovation, apps are a constantly shifting target
Apps get revised frequently. Code is rewritten and pushed to the users through downloadable updates, which users will usually accept without question.
The scope and functionality of an app can be radically changed by adding a few lines of code.
That said, privacy oversight and enforcement are needed in an app environment.
Current strategies for oversight and enforcement on major app platforms seem to combine basic standards and vetting processes for initial app approval with the use of customer complaints or red flags as a feedback mechanism for identifying bad apps.
Proliferating Complexity in Data Use and Collection Practices Ahead
Privacy choices are only as good as they are usable, and establishing privacy expectations can go a long way toward heading off future privacy concerns.
Panelists noted that the existence of choice often overshadows the usability of choice when it comes to privacy, with panelist Ian Glazer remarking that “choices can be a lot of pretty rope to hang yourself with.”
Creating usable choices is no easy task as we face proliferating complexity in data use and collection practices.
Moreover, apps that mix and mingle in private and public spaces can create consumer confusion, resulting in unintended information sharing that can upset users.
Platforms that are openly public from the get-go (like Twitter) have an advantage when they expand services and functionality using their data, because users expect that their data will be repurposed and reprocessed in this open system.