FTC Issues Mobile App Privacy and Marketing Guidelines for App Developers


The Federal Trade Commission (“FTC”) stated earlier this year in its final privacy report that it is going to focus legal enforcement efforts on privacy and data security law compliance in the mobile space.  As a part of this enforcement initiative, the FTC recently published additional guidelines called “Marketing Your Mobile App:  Get it Right From the Start” to help app developers comply with applicable privacy and marketing laws.  The guidelines recommend that mobile app developers do the following:

1. Tell the Truth About What your App Can Do – If you make a claim that your app can do something (whether it be on the app, a website or elsewhere), you must have the proof to back up your claim.

2. Disclose Key Information Clearly and Conspicuously – Create clear and prominent privacy notices that users can easily view and understand. 

3. Build Privacy Considerations in from the Start – Create app default settings that limit the information you collect, securely store the information you must store and securely dispose of the information you no longer need.  Get opt-in consent for collecting information that users would not intuitively expect you to collect.

4. Be Transparent About your Data Practices – Clearly explain in your privacy notice what information your app collects and how you use and disclose this information.

5. Offer Choices that are Easy to Find and Easy to Use – Build clear and conspicuous privacy settings, opt-outs and other user controls into your app that permit consumers to control how you collect, use and disclose their information.

6. Honor Your Privacy Promises – Live up to the promises in your privacy notice and on your app, and obtain consumers’ opt-in consent to any material changes you make to your privacy notice.

7. Protect Kids’ Privacy – If your app is designed for children, or if you knowingly collect personal information from children under 13, you may need to comply with the Children’s Online Privacy Protection Act.

8. Collect Sensitive Information only with Consent – Get opt-in consent from users before collecting any sensitive personal information (including, without limitation, financial, medical, religious or certain precise geo-location information).

9. Keep User Data Secure – Take reasonable precautions to keep data secure, including without limitation the following:  (a) collect only the information you need; (b) secure the data you keep; (c) limit data access to a need-to-know basis; and (d) securely dispose of data you no longer need.  And, make sure your contractors adhere to these same standards.

If you have any questions about how to comply with these FTC recommendations, please contact Helen Christakos at (650) 696-2545 or at hchristakos@carr-mcclellan.com


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Carr McClellan P.C. | Attorney Advertising
