recommended reading

Administration privacy approach to get first test

When the Obama administration in February rolled out its approach to protecting consumer privacy online, it put as much emphasis on industry self-regulation as it did on its call for legislation to provide consumers with privacy protections.

Administration officials argued that given the difficulty in moving legislation, pushing industry sectors to help develop codes of conduct would help bolster consumer privacy until lawmakers act on the issue -- something that appears highly unlikely this year.

That approach will get its first test on Thursday, when the Commerce Department convenes the initial meeting aimed at developing industry codes of conduct for the mobile-apps sector.

Although the first session is focused on just one sector, the administration is aiming to extend the process to others that collect information from consumers, whether it is when they register to use a website or download a mobile app to their smartphone. While the codes are voluntary, companies that agree to abide by them will open themselves to enforcement from the Federal Trade Commission if they fail to live up to their promises.

“We will learn a lot about where the center of gravity may be on how to move forward on mobile privacy codes of conduct and get a sense of what it takes to make progress,” White House Deputy Technology Officer Danny Weitzner said earlier this week in a speech at the Hudson Institute.

The administration appears to have set a low bar for the first sector. It is limiting the first set of meetings to developing guidelines for how mobile-apps providers can provide more transparency in what they do with information collected from users.

Despite the relatively narrow topic, the meeting has already sparked some controversy. Privacy groups complained that by hosting the meeting in Washington, some privacy advocates based outside the nation’s capital would be excluded. The event will be webcast, but the groups have pushed for some sort of two-way communication.

At the same time, some privacy advocates worry that the meeting is too narrowly focused and that industry codes should also cover the collection practices of mobile-apps providers.

“I think many in industry will come in and try to get their current business model … get an Obama administration stamp of approval, and it’s not going to be sufficient,” Center for Digital Democracy Executive Director Jeff Chester said. “Whatever deal is struck has to reflect what’s happening with the industry.”

Some industry officials say they do not currently favor expanding the agenda beyond transparency, which is just one of the several planks in the administration’s call for legislation to implement a "privacy bill of rights," which also includes such principles as adequately securing information and limitations on the amount of data collected about consumers.

“The administration is focused very, very narrowly on the most important topic … which is transparency,” Jon Potter, president of the Application Developers Alliance, a new industry group for apps developers, told National Journal. “That’s the entirety of what this exercise is about. If it succeeds, than we can talk about other issues.”

The apps industry has come under scrutiny over reports that some apps secretly collect address book, location, and other data from users’ smartphones.

A new study released Wednesday by the Future of Privacy Forum shows that the industry appears to be doing more to alert consumers to how their personal data is treated when they download or use an app.

The study examined whether the most popular free and paid apps available from Apple, Google, and Amazon provide privacy policies telling consumers what they do with user data. The study found that 61 percent of the 150 apps examined had privacy policies, with the greatest number among the free apps.

While privacy policies provide consumers with limited information and can often be difficult to read, the policies show that apps makers are at least examining what information they collect, Future of Privacy Forum Director and cofounder Jules Polonetsky said in an interview.

“We don’t think it will solve privacy for mobile consumers," he said, "but at least it forces [apps developers] to go through and figure out what they are doing.” 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.