Privacy for Mobile Developers

Kasey Chappelle
http://www.vodafone.com/start/privacy.html

Ricardo Varela
http://twitter.com/phobeo

OverTheAir 2010

image borrowed from http://xkcd.com
What is Privacy?

    The ability of individuals to know of, and to
    express choice and control over how information
    about them is collected, shared and used
Why should I care?

    Your users (increasingly) care

    The press loves a privacy story

    Regulators are watching
Some definitions: Personal Information

    Data relating to an identified or identifiable
    individual, for example:
    ● collected via an application UI
    ● gathered indirectly from user's device
    ● gathered from user's behaviour
    ● generated by the user

    To be identified, an individual doesn't need to
    be called by name; their information may be
    associated to a unique identifier
Some definitions: Location data

    Information that identifies the geographical
    location of a user's device, which may include
    GPS coordinates, cell id info, wifi ESSIDs or
    other less granular data such as town or region
Some definitions: Active Consent

    Affirmative indication of agreement by the user
    to a specific and notified use of their personal
    information. Must be captured in a way in which
    consent is not the default option.
About Transparency, Choice and Control
Be transparent

    Tell your user who you are, what personal
    information your app will use and why, and who
    else you might share it with
Be transparent
A good place to put this
is in your privacy policy,
clearly linked from the
app
Be transparent
Remember that just telling the user WHAT you
need doesn't tell them WHY you need it
No surreptitious data collection

    Before users activate the app, make them aware
    of features that might affect their privacy

    E.g.: don't access or use location data without
    letting them know
No surreptitious data collection
Remember that there is some data you may have
access to even without specific APIs or prompting
(for example, location from their IP) and inform your
user if you intend to use it too
Identify yourself

    Users must know who is using their personal
    information so they can exercise their rights to
    access, correct and delete information.

    That info can be included in the application itself
Identify yourself
Can the user easily find
contact information
inside the app?
Minimize the info collected

    The application should collect and use only the
    info required for its normal operation and other
    legitimate uses (e.g., consent, required by law)
Minimize the info collected
Do you really need
all that information?
Gain their consent

    Sometimes (but not always) users will need to
    give active consent to use of their information:
    secondary purposes, public display, sharing with
    third parties or remote/persistent storage
Gain their consent
Will the users be aware
I'm about to do this
action with their data?
Help them choose

    Make users aware of the privacy-related default
    settings and allow them to exercise their privacy
    choices (in an easy way)

    You can help a user decide by showing the
    consequences of the actions being proposed
Help them choose
Do users understand
what they are allowing
you to do?
Beware of the blanket

    Whenever you access data with a blanket
    permission (no prompts required) be sure to
    show your own prompt reminding the user that
    this is the case, at least once and until the user
    confirms they want no further reminders




image borrowed from http://www.starkeith.net/
No silent updates

    Inform the users of material changes in the way
    your application will collect their data BEFORE
    you enable the changes. If the change is
    essential for the application, give them a chance
    to disable/exit the application
No silent updates
Use whichever
mechanisms your
platform has to let users
know what has changed
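The three rules above (Active Consent is never the default option, a blanket permission gets your own reminder until the user dismisses it, and a material change is announced before it is enabled so the old agreement no longer counts) can be modelled as a small per-user consent ledger. This is an added, platform-neutral example, not code from the slides or from any mobile platform; the Purpose, ConsentRecord and ConsentLedger names and the notice_version scheme are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Purpose:
    """One specific, notified use of personal information (assumed structure).

    notice_version is bumped whenever the way this data is collected or
    used changes materially; blanket marks data reachable through a
    platform permission that never prompts (e.g. location derived from
    the IP address), where the app must show its own reminder."""
    name: str
    notice_version: int
    blanket: bool = False


@dataclass
class ConsentRecord:
    """What the user actually agreed to, and against which notice version."""
    granted: bool
    notice_version: int
    blanket_reminders_off: bool = False


class ConsentLedger:
    """Per-user consent state. Nothing is consented until a decision is
    recorded, so the default is 'no record', never 'granted'."""

    NEEDS_CONSENT = "needs-consent"      # never asked: show the consent prompt
    NEEDS_RECONSENT = "needs-reconsent"  # material change since the user agreed
    DENIED = "denied"
    REMIND = "remind"                    # may proceed, but show the blanket reminder
    OK = "ok"

    def __init__(self, purposes: List[Purpose]) -> None:
        self.purposes: Dict[str, Purpose] = {p.name: p for p in purposes}
        self.records: Dict[str, ConsentRecord] = {}

    def status(self, name: str) -> str:
        purpose = self.purposes[name]
        rec = self.records.get(name)
        if rec is None:
            return self.NEEDS_CONSENT
        if not rec.granted:
            return self.DENIED
        if rec.notice_version != purpose.notice_version:
            return self.NEEDS_RECONSENT
        if purpose.blanket and not rec.blanket_reminders_off:
            return self.REMIND
        return self.OK

    def may_use(self, name: str) -> bool:
        """True only for an affirmative agreement to the current notice."""
        return self.status(name) in (self.OK, self.REMIND)

    def record_decision(self, name: str, granted: bool, notice_version: int) -> None:
        """Store the user's answer to the prompt for the *current* notice.
        A stale answer (a cached 'yes' from before a material change) is
        refused rather than silently counted as consent."""
        current = self.purposes[name].notice_version
        if notice_version != current:
            raise ValueError(f"decision is for notice v{notice_version}, current is v{current}")
        self.records[name] = ConsentRecord(granted=granted, notice_version=notice_version)

    def dismiss_blanket_reminders(self, name: str) -> None:
        """The user confirmed they want no further reminders for a blanket permission."""
        rec = self.records.get(name)
        if rec is not None and rec.granted:
            rec.blanket_reminders_off = True

    def announce_material_change(self, name: str, new_version: int) -> None:
        """Call BEFORE enabling a change in how data is collected or used:
        the existing agreement becomes stale, so the user is asked again."""
        purpose = self.purposes[name]
        if new_version <= purpose.notice_version:
            raise ValueError("notice versions must increase")
        purpose.notice_version = new_version


def run_demo() -> List[str]:
    """Walk through the deck's scenarios on constructed purposes;
    returns the ledger status after each step."""
    ledger = ConsentLedger([Purpose("location", 1), Purpose("contacts", 1, blanket=True)])
    trace = [ledger.status("location")]              # first launch: needs-consent
    ledger.record_decision("location", True, 1)
    trace.append(ledger.status("location"))          # ok
    ledger.record_decision("contacts", True, 1)      # the app's own prompt for the blanket permission
    trace.append(ledger.status("contacts"))          # remind
    ledger.dismiss_blanket_reminders("contacts")
    trace.append(ledger.status("contacts"))          # ok
    ledger.announce_material_change("location", 2)   # e.g. location will now be shared with a 3rd party
    trace.append(ledger.status("location"))          # needs-reconsent
    ledger.record_decision("location", False, 2)
    trace.append(ledger.status("location"))          # denied
    return trace


if __name__ == "__main__":
    print(run_demo())
```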
Don't facilitate stalking or surveillance

    Applications should not collect, use or share data
    about someone other than the user except when
    the other party has chosen to publish that
    information
About Data Retention and Security
Tell them why

    Inform the user why you need to retain her
    personal data and for how long you need to keep
    it (and make sure it's justifiable)
Tell them why
Make sure your data
management policy is
justified
Explain to them how you know so much

    Whenever you offer results based on data
    mining, avoid surprising your user: provide some
    explanation of how their data has been used to
    reach those conclusions
Explain to them how you know so much
Let the users know what
part of their information
you use, to minimize the
surprise
Keep it secure

    User data stored on the device or remotely must
    be stored securely, for example by being
    encrypted (and ensuring the encryption keys are
    kept in a trusted environment)
Keep it secure
Ensure some form of
encryption when storing
the users' information
Delete my data if I ask you to

    Give the users a way to either delete their data
    themselves or contact you and ask you to delete
    it.
About Advertising
Not all advertising has an impact on privacy

    When we talk about advertising here, we refer to
    advertising that uses personal information, such
    as targeted advertising, or advertising that
    involves user data being sent to a third party,
    such as embedding third-party ad tracking code
Let me know you have Ads

    Let users know the application will display ads
    before they activate it. Additionally you can
    mention what to do if they don't want ads (like
    getting the paid-for app)
Let me know you have Ads
Users should know
beforehand what to
expect
Give users choices about 3rd parties

    If you're using analytics or network advertisers,
    you're required by law to let users know
    (generally in a privacy policy) and tell them how to
    opt out (or get their opt in, in some countries).
Give users choices about 3rd parties
Let me opt out if I don't
want to share data (and it
is not essential to the
service)
Target advertisement using legitimate data

    Avoid targeting ads using personal information
    which hasn't been collected for the application's
    primary purpose
Respect the privacy of my network

    Don't spam your users' contacts - applications
    should not collect information about or send
    messages to contacts without the user's active
    consent
Respect the privacy of my network
Don't spam my contacts
About Children and Adolescents
Age verify where possible and appropriate

    If the application context requires features like
    social network access or displays restricted
    content, integrate age verification controls. When
    not possible, you can implement self-certification
    asking for a date of birth before activation of the
    application or feature.
Age verify where possible and appropriate
If nothing else is
available, self-verification
is fine
Set privacy-protective default settings

    Applications targeted at children and adolescents
    will require careful treatment of social features,
    especially those using location.
In summary...
High Level Principles

    Be transparent – don't surprise your users with
    unexpected data uses or sharing

    Be reasonable – if you don't need data, don't
    collect it; if it's no longer needed, don't keep it

    Give your users meaningful choices about how
    their data is collected, used and shared

    Respond to your users' queries – in some cases,
    the law requires it
Thanks! :)

Kasey Chappelle
http://www.vodafone.com/start/privacy.html

Ricardo Varela
http://twitter.com/phobeo

thanks to Belen Albeza (@ladybenko) for the cartoons!
