Privacy for Mobile Developers
                                                   Kasey Chappelle
                         ...
What is Privacy?

    The ability of individuals to know of, and to
    express choice and control over how information
 ...
Why should I care?

     
         Your users (increasingly) care
     
         The press loves a privacy story
     
...
Some defnitions: Personal Information

    Data relating to an
    identifed or identifable
    individual, for example:
...
Some defnitions: Location data

    Information that
    identifes the
    geographical location
    of a user's device,
...
Some defnitions: Active Consent
                
                    Affrmative indication
                    of agreeme...
About Transparency, Choice and
           Control
Be transparent

    Tell your user who you are, what personal
    information your app will use and why, and who
    else...
Be transparent
A good place to put this
is in your privacy policy,
clearly linked from the
app
Be transparent
A good place to put this
is in your privacy policy,
clearly linked from the
app
Be transparent
Remember that just
teling the user WHAT you
need doesn't tell them
WHY you need it
Be transparent
Remember that just
teling the user WHAT you
need doesn't tell them
WHY you need it
No surreptitious data collection

    Before users activate the app, make them aware
    of features that might affect th...
No surreptitious data collection
Remember that there is some data you may have
access to even without specifc APIs or prom...
Identify yourself

    Users must know who is using their personal
    information so they can exercise their rights to
 ...
Identify yourself
Can the user easily fnd
contact information
inside the app?
Identify yourself
Can the user easily fnd
contact information
inside the app?
Minimize the info collected

    The application should collect and use only the
    info required for its normal operati...
Minimize the info collected
Do you really need
all that information?
Gain their consent

    Sometimes (but not always) users will need to
    give active consent to use of their information...
Gain their consent
Will the users be aware
I'm about to do this
action with their data?
Gain their consent
Will the users be aware
I'm about to do this
action with their data?
Help them choose

    Make users aware of the privacy-related default
    settings and allow them to exercise their priva...
Help them choose
Do users understand
what they are allowing
you to do?
Beware of the blanket
         
               Whenever you access data with a blanket
               permission (no prom...
No silent updates

    Inform the users of material changes in the way
    your application will collect their data BEFOR...
No silent updates
Use whichever
mechanisms your
platform has to let users
know what has changed
No silent updates
Use whichever
mechanisms your
platform has to let users
know what has changed
Don't facilitate stalking or surveillance

    Applications should not collect, use or share data
    about someone other...
Don't facilitate stalking or surveillance
About Data Retention and Security
Tell them why

    Inform the user why you need to retain her
    personal data and for how long you need to keep
    it ...
Tell them why
Make sure your data
management policy is
justifed
Explain them how you know so much

    Whenever you offer results based on data
    mining, try not to surprise your user...
Explain them how you know so much
Let the users know what
part of their information
you use to minimize the
surprise
Keep it secure

    User data stored on the device or remotely must
    be stored somehow securely, for example by
    be...
Keep it secure
Ensure some form of
encryption when storing
the users' information
Delete my data if I ask you to

    Give the users a way to either delete their data
    themselves or contact you and as...
About Advertising
Not all Advertising has an impact in
                   Privacy

    When we talk Advertising here, we refer to
    Adver...
Let me know you have Ads

    Let users know the application will display ads
    before they activate it. Additionally y...
Let me know you have Ads
Users should know
beforehand what to
expect
Let me know you have Ads
Users should know
beforehand what to
expect
rd
    Give users choices about 3 parties

    If you're using analytics or network advertisers,
    you're required by l...
rd
  Give users choice about 3 parties
Let me opt out if I don't
want to share data (and
is not essential to the
service)
Target advertisement using legitimate
                data

    Avoid targeting ads using personal information
    which ...
Respect the privacy of my network

    Don't spam your users' contacts - applications
    should not collect information ...
Respect the privacy of my network
Don't spam my contacts
About Children and Adolescents
Age verify where possible and
                appropriate

    If the application context requires features like
    soci...
Age verify where possible and
              appropriate
If nothing else is
available, self-verifcation
is fne
Set privacy-protective default settings

    Applications targeted at children and adolescents
    should will require ca...
In summary...
High Level Principles

    Be transparent – don't surprise your users with
    unexpected data uses or sharing

    Be r...
Thanks! :)
           Kasey Chappelle
http://www.vodafone.com/start/privacy.html


             Ricardo Varela
       http...
Upcoming SlideShare
Loading in...5
×

Over The Air 2010: Privacy for Mobile Developers

1,185

Published on

A talk by Kasey Chappelle and Ricardo Varela about guidelines for implementing privacy in your mobile applications

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,185
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
31
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Over The Air 2010: Privacy for Mobile Developers

  1. 1. Privacy for Mobile Developers Kasey Chappelle http://www.vodafone.com/start/privacy.html Ricardo Varela http://twitter.com/phobeo OverTheAir 2010 image borrowed from http://xkcd.com
  2. 2. What is Privacy?  The ability of individuals to know of, and to express choice and control over how information about them is collected, shared and used
  3. 3. Why should I care?  Your users (increasingly) care  The press loves a privacy story  Regulators are watching
  4. 4. Some defnitions: Personal Information  Data relating to an identifed or identifable individual, for example: ● collected via an application UI ● gathered indirectly from  To be identifed, an user's device individual doesn't need to ● gathered from user's be called by name, their behaviour information may be associated to a unique ● generated by the user identifer
  5. 5. Some defnitions: Location data  Information that identifes the geographical location of a user's device, which may include GPS coordinates, cell id info, wif essids or other less granular data such as town or region
  6. 6. Some defnitions: Active Consent  Affrmative indication of agreement by the user to a specifc and notifed use of their personal information. Must be captured in a way in which consent is not the default option.
  7. 7. About Transparency, Choice and Control
  8. 8. Be transparent  Tell your user who you are, what personal information your app will use and why, and who else you might share it with
  9. 9. Be transparent A good place to put this is in your privacy policy, clearly linked from the app
  10. 10. Be transparent A good place to put this is in your privacy policy, clearly linked from the app
  11. 11. Be transparent Remember that just teling the user WHAT you need doesn't tell them WHY you need it
  12. 12. Be transparent Remember that just teling the user WHAT you need doesn't tell them WHY you need it
  13. 13. No surreptitious data collection  Before users activate the app, make them aware of features that might affect their privacy  Eg: don't access/use location data without letting them know
  14. 14. No surreptitious data collection Remember that there is some data you may have access to even without specifc APIs or prompting (for example, location from their IP) and inform your user if you intend to use it too
  15. 15. Identify yourself  Users must know who is using their personal information so they can exercise their rights to access, correct and delete information.  That info can be included in the application itself
  16. 16. Identify yourself Can the user easily fnd contact information inside the app?
  17. 17. Identify yourself Can the user easily fnd contact information inside the app?
  18. 18. Minimize the info collected  The application should collect and use only the info required for its normal operation and other legitimate uses (e.g., consent, required by law)
  19. 19. Minimize the info collected Do you really need all that information?
  20. 20. Gain their consent  Sometimes (but not always) users will need to give active consent to use of their information: secondary purposes, public display, sharing with third parties or remote/persistent storage
  21. 21. Gain their consent Will the users be aware I'm about to do this action with their data?
  22. 22. Gain their consent Will the users be aware I'm about to do this action with their data?
  23. 23. Help them choose  Make users aware of the privacy-related default settings and allow them to exercise their privacy choices (in an easy way)  You can help a user decide by showing the consequences of the actions being proposed
  24. 24. Help them choose Do users understand what they are allowing you to do?
  25. 25. Beware of the blanket  Whenever you access data with a blanket permission (no prompts required) be sure to show your own prompt reminding the user that this is the case, at least once and until the user confrms they want no further reminders image borrowed from http://www.starkeith.net/
  26. 26. No silent updates  Inform the users of material changes in the way your application will collect their data BEFORE you enable the changes. If the change is essential for the application, give them a chance to disable/exit the application
  27. 27. No silent updates Use whichever mechanisms your platform has to let users know what has changed
  28. 28. No silent updates Use whichever mechanisms your platform has to let users know what has changed
  29. 29. Don't facilitate stalking or surveillance  Applications should not collect, use or share data about someone other than the user except when the other party has chosen to publish that information
  30. 30. Don't facilitate stalking or surveillance
  31. 31. About Data Retention and Security
  32. 32. Tell them why  Inform the user why you need to retain her personal data and for how long you need to keep it (and make sure it's justifable)
  33. 33. Tell them why Make sure your data management policy is justifed
  34. 34. Explain them how you know so much  Whenever you offer results based on data mining, try not to surprise your user by providing some explanation about how their data has been used to reach those conclusions
  35. 35. Explain them how you know so much Let the users know what part of their information you use to minimize the surprise
  36. 36. Keep it secure  User data stored on the device or remotely must be stored somehow securely, for example by being encrypted (and ensuring the encryption keys are kept in a trusted environment)
  37. 37. Keep it secure Ensure some form of encryption when storing the users' information
  38. 38. Delete my data if I ask you to  Give the users a way to either delete their data themselves or contact you and ask you to delete it.
  39. 39. About Advertising
  40. 40. Not all Advertising has an impact in Privacy  When we talk Advertising here, we refer to Advertising that uses personal information, such as targeted advertising, or advertising that involves user data being send to a third party, such as embedding a third party ad tracking code
  41. 41. Let me know you have Ads  Let users know the application will display ads before they activate it. Additionally you can mention what to do if they don't want ads (like getting the paid-for app)
  42. 42. Let me know you have Ads Users should know beforehand what to expect
  43. 43. Let me know you have Ads Users should know beforehand what to expect
  44. 44. rd Give users choices about 3 parties  If you're using analytics or network advertisers, you're required by law to let users know (generally in a privacy policy) and tell them how to opt out (or get their opt in, in some countries).
  45. 45. rd Give users choice about 3 parties Let me opt out if I don't want to share data (and is not essential to the service)
  46. 46. Target advertisement using legitimate data  Avoid targeting ads using personal information which hasn't been collected for the application's primary purpose
  47. 47. Respect the privacy of my network  Don't spam your users' contacts - applications should not collect information about or send messages to contacts without the user's active consent
  48. 48. Respect the privacy of my network Don't spam my contacts
  49. 49. About Children and Adolescents
  50. 50. Age verify where possible and appropriate  If the application context requires features like social network access or displays restricted content, integrate age verifcation controls. When not possible, you can implement self-certifcation asking for a date of birth before activation of the application or feature.
  51. 51. Age verify where possible and appropriate If nothing else is available, self-verifcation is fne
  52. 52. Set privacy-protective default settings  Applications targeted at children and adolescents should will require careful treatment of social features, especially those using location.
  53. 53. In summary...
  54. 54. High Level Principles  Be transparent – don't surprise your users with unexpected data uses or sharing  Be reasonable – if you don't need data, don't collect it; if it's no longer needed, don't keep it  Give your users meaningful choices about how their data is collected, used and shared  Respond to your users' queries – in some cases, the law requires it
  55. 55. Thanks! :) Kasey Chappelle http://www.vodafone.com/start/privacy.html Ricardo Varela http://twitter.com/phobeo thanks to Belen Albeza (@ladybenko) for the cartoons!
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×