Principles of mobile privacy and policy guidelines. It also includes the regulatory frameworks for privacy and the mobile application privacy-by-design development modules.
2. Policy aspects of mobile privacy
• General privacy policy is a comprehensive statement of
a company’s or organization’s policies and practices
related to an application, covering the accessing,
collecting, using, disclosing, sharing, and otherwise
handling of personally identifiable data.
• Privacy controls are settings available within an app or
an operating system that allow users to make or revise the
choices offered in the general privacy policy about the
collection of their personally identifiable data.
3. Policy aspects of mobile privacy
Personally identifiable data are any data linked to a person or persistently
linked to a mobile device: data that can identify a person via personal
information or a device via a unique identifier. Included are user-entered
data as well as automatically collected data.
Sensitive information is personally identifiable data about which users are
likely to be concerned, such as precise geo-location; financial and medical
information; passwords; stored information such as contacts, photos, and
videos; and children’s information.
4. Types of regulatory frameworks of privacy
Omnibus privacy law
It is not sector specific: it applies to the mobile internet in the same way it
applies to other platforms and companies.
Omnibus law and a sector-specific law
Privacy requirements exist for all sectors, and additional requirements,
primarily relating to confidentiality, exist for providers of communications
services.
Separate sectoral laws
Those covering telecommunications privacy and, for example,
health data, credit data, etc.
Sectoral law AND a licence obligation with confidentiality or
privacy obligations
5. Data anonymization and pseudonymisation
There are increased regulatory efforts to promote data anonymization and
pseudonymisation.
Data anonymization is the process of either encrypting or removing
personally identifiable information from data sets, so that the people whom
the data describe remain anonymous.
Data Pseudonymization is a data management and de-identification
procedure by which personally identifiable information fields within a data
record are replaced by one or more artificial identifiers, or pseudonyms.
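The two definitions above differ in whether a way back to the person remains. The following added example (not part of the original slides) shows both on a small constructed record set: pseudonymization replaces the direct identifiers with a keyed HMAC pseudonym, so that records of the same person still link together but re-identification requires the key held by the data controller; anonymization drops the identifiers entirely and coarsens the location, leaving no key to reverse. The field names and the `DIRECT_IDENTIFIERS` set are assumptions for the illustration.

```python
import hashlib
import hmac

# Constructed sample records (fictional users and device identifiers); the
# fields mirror the slide's notion of user-entered data plus device identifiers.
SAMPLE_RECORDS = [
    {"user_id": "alice@example.com", "device_id": "IMEI-111",
     "lat": 48.8566, "lon": 2.3522, "purchase": 12.5},
    {"user_id": "bob@example.com", "device_id": "IMEI-222",
     "lat": 51.5074, "lon": -0.1278, "purchase": 7.0},
    {"user_id": "alice@example.com", "device_id": "IMEI-111",
     "lat": 48.8570, "lon": 2.3500, "purchase": 3.25},
]

# Assumed: which fields count as direct identifiers in this record layout.
DIRECT_IDENTIFIERS = ("user_id", "device_id")


def pseudonym(value: str, key: bytes) -> str:
    """Derive a stable artificial identifier from a real one.

    A keyed HMAC is used instead of a plain hash: e-mail addresses and IMEIs
    have small guessable spaces, so an unkeyed hash could be inverted by
    hashing candidate values. Without the key the mapping cannot be rebuilt.
    """
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymize(records, key: bytes):
    """Replace every direct identifier with its pseudonym; other fields stay."""
    out = []
    for rec in records:
        copy = dict(rec)
        for field in DIRECT_IDENTIFIERS:
            if field in copy:
                copy[field] = pseudonym(copy[field], key)
        out.append(copy)
    return out


def anonymize(records, precision: int = 1):
    """Remove direct identifiers and coarsen location to about 10 km.

    No key or lookup table is produced, so there is no path back to the
    person; the cost is that rows of the same user can no longer be linked.
    """
    out = []
    for rec in records:
        copy = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        copy["lat"] = round(copy["lat"], precision)
        copy["lon"] = round(copy["lon"], precision)
        out.append(copy)
    return out


if __name__ == "__main__":
    key = b"controller-secret-key"  # constructed; keep separate from the data
    for row in pseudonymize(SAMPLE_RECORDS, key):
        print(row)
    for row in anonymize(SAMPLE_RECORDS):
        print(row)
```

The pseudonymized set is still personally identifiable data in the slide's sense, because the controller holding the key can reverse it; only the anonymized set leaves the subjects unidentifiable, and the rounding step is what prevents a precise geo-location from acting as an identifier on its own.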
6. High-level Privacy Principles
This includes the following 9 principles:
1. Openness, Transparency and Notice
2. Purpose and Use
3. User Choice and Control
4. Data Minimization and Retention
5. Respect User Rights
6. Security
7. Education
8. Children and Adolescents
9. Accountability and Enforcement
7. Privacy by design
Privacy by design is an approach to projects that
promotes privacy and data protection compliance
from the start
It is embedded into the design and architecture of IT
systems and business practices. It is not bolted on as
an add-on, after the fact. The result is that privacy
becomes an essential component of the core
functionality being delivered. Privacy is integral to the
system, without diminishing functionality.
Privacy by Design extends to a “Trilogy” of
encompassing applications: 1) IT systems; 2)
accountable business practices; and 3) physical design
and networked infrastructure.
8. Mobile applications privacy by design
development modules and guidelines
It has four modules:
1. Location
2. Mobile advertisement
3. Social networks and social media
4. Children and adolescents
9. 1-Location Privacy in Mobile Systems
Advances in sensing and tracking technologies create new opportunities
for location-based applications, but they also create significant privacy risks.
The risk is that an adversary learns the locations that a subject visited, as
well as the times during which these visits took place, from which they can
infer private information such as political affiliations, alternative
lifestyles, or medical problems.
Even when a subject does not disclose her identity at a private location, an
adversary may still gain this information through location tracking or
space and time correlation inference. If a subject is identified at
any point, her complete movements can also be exposed.
10. Contd. - Location Privacy in Mobile Systems
Location-enabled applications must provide clear notice, before a
user’s location is accessed or collected, about:
• what location data an application intends to access (e.g., cell ID,
GPS, village or town)
• how the data will be used
• whether data will be kept and how long for
• who location data will be shared with.
Some uses of location data require giving users additional privacy
information and getting their active consent.
11. 2-Mobile advertising privacy
It is assumed that technological design, which is in line with the legal framework,
will ensure that the benefits of mobile advertising and the consumer willingness to
accept mobile advertising will increase.
The general guidelines that govern mobile advertising privacy are:
• Users should be informed that the application is ad-supported before they
download and/or activate the application.
• User consent is essential: capture appropriate agreement to target advertising to a
user.
• Target based on legitimately collected data.
• Respect privacy in viral marketing.
• Ensure content is appropriate.
12. 3-Social networking and social media privacy
Socially enabled applications allow users to connect to and share
information with a community of other users or the general public.
As Facebook's founder stated: “People have really gotten comfortable
not only sharing more information and different kinds, but more
openly and with more people. That social norm is just something that
has evolved over time.”
Two main types of attacks exist in social networks:
• attacks that exploit the implicit trust embedded in declared social
relationships
• attacks that harvest users’ personal information for ill-intended use.
13. 4-Children and adolescents privacy
They might know how to use applications but lack the maturity to appreciate the
wider social and personal consequences of revealing their personal information or
allowing others to collect and use it.
The general guidelines set by the GSMA are:
1. Tailor applications to appropriate age ranges.
2. Set privacy-protective default settings.
3. Comply with laws on the protection of children.
4. Age-verify where possible and appropriate.