The document outlines key principles for mobile developers regarding user privacy, emphasizing the importance of transparency, consent, and minimizing data collection. It advises developers to clearly communicate what personal information is collected, why it is needed, and to provide users with choices about their data. Additionally, it highlights the need to secure user data, avoid silent updates, and respect users' privacy and rights when it comes to advertising and third-party data sharing.

1. Privacy for Mobile Developers
Kasey Chappelle
http://www.vodafone.com/start/privacy.html
Ricardo Varela
http://twitter.com/phobeo
OverTheAir 2010
image borrowed from http://xkcd.com

2. What is Privacy?

The ability of individuals to know of, and to
express choice and control over how information
about them is collected, shared and used

3. Why should I care?

Your users (increasingly) care

The press loves a privacy story

Regulators are watching

4. Some defnitions: Personal Information

Data relating to an
identifed or identifable
individual, for example:
●
collected via an
application UI
●
gathered indirectly from 
To be identifed, an
user's device individual doesn't need to
●
gathered from user's be called by name, their
behaviour information may be
associated to a unique
●
generated by the user identifer

5. Some defnitions: Location data

Information that
identifes the
geographical location
of a user's device,
which may include
GPS coordinates, cell
id info, wif essids or
other less granular
data such as town or
region

6. Some defnitions: Active Consent

Affrmative indication
of agreement by the
user to a specifc and
notifed use of their
personal information.
Must be captured in a
way in which consent
is not the default
option.

7. About Transparency, Choice and
Control

8. Be transparent

Tell your user who you are, what personal
information your app will use and why, and who
else you might share it with

9. Be transparent
A good place to put this
is in your privacy policy,
clearly linked from the
app

10. Be transparent
A good place to put this
is in your privacy policy,
clearly linked from the
app

11. Be transparent
Remember that just
teling the user WHAT you
need doesn't tell them
WHY you need it

12. Be transparent
Remember that just
teling the user WHAT you
need doesn't tell them
WHY you need it

13. No surreptitious data collection

Before users activate the app, make them aware
of features that might affect their privacy

Eg: don't access/use location data without letting
them know

14. No surreptitious data collection
Remember that there is some data you may have
access to even without specifc APIs or prompting
(for example, location from their IP) and inform your
user if you intend to use it too

15. Identify yourself

Users must know who is using their personal
information so they can exercise their rights to
access, correct and delete information.

That info can be included in the application itself

16. Identify yourself
Can the user easily fnd
contact information
inside the app?

17. Identify yourself
Can the user easily fnd
contact information
inside the app?

18. Minimize the info collected

The application should collect and use only the
info required for its normal operation and other
legitimate uses (e.g., consent, required by law)

19. Minimize the info collected
Do you really need
all that information?

20. Gain their consent

Sometimes (but not always) users will need to
give active consent to use of their information:
secondary purposes, public display, sharing with
third parties or remote/persistent storage

21. Gain their consent
Will the users be aware
I'm about to do this
action with their data?

22. Gain their consent
Will the users be aware
I'm about to do this
action with their data?

23. Help them choose

Make users aware of the privacy-related default
settings and allow them to exercise their privacy
choices (in an easy way)

You can help a user decide by showing the
consequences of the actions being proposed

24. Help them choose
Do users understand
what they are allowing
you to do?

25. Beware of the blanket

Whenever you access data with a blanket
permission (no prompts required) be sure to
show your own prompt reminding the user that
this is the case, at least once and until the user
confrms they want no further reminders
image borrowed from http://www.starkeith.net/

26. No silent updates

Inform the users of material changes in the way
your application will collect their data BEFORE
you enable the changes. If the change is
essential for the application, give them a chance
to disable/exit the application

27. No silent updates
Use whichever
mechanisms your
platform has to let users
know what has changed

28. No silent updates
Use whichever
mechanisms your
platform has to let users
know what has changed

29. Don't facilitate stalking or surveillance

Applications should not collect, use or share data
about someone other than the user except when
the other party has chosen to publish that
information

30. Don't facilitate stalking or surveillance

31. About Data Retention and Security

32. Tell them why

Inform the user why you need to retain her
personal data and for how long you need to keep
it (and make sure it's justifable)

33. Tell them why
Make sure your data
management policy is
justifed

34. Explain them how you know so much

Whenever you offer results based on data
mining, try not to surprise your user by providing
some explanation about how their data has been
used to reach those conclusions

35. Explain them how you know so much
Let the users know what
part of their information
you use to minimize the
surprise

36. Keep it secure

User data stored on the device or remotely must
be stored somehow securely, for example by
being encrypted (and ensuring the encryption
keys are kept in a trusted environment)

37. Keep it secure
Ensure some form of
encryption when storing
the users' information

38. Delete my data if I ask you to

Give the users a way to either delete their data
themselves or contact you and ask you to delete
it.

39. About Advertising

40. Not all Advertising has an impact in
Privacy

When we talk Advertising here, we refer to
Advertising that uses personal information, such
as targeted advertising, or advertising that
involves user data being send to a third party,
such as embedding a third party ad tracking
code

41. Let me know you have Ads

Let users know the application will display ads
before they activate it. Additionally you can
mention what to do if they don't want ads (like
getting the paid-for app)

42. Let me know you have Ads
Users should know
beforehand what to
expect

43. Let me know you have Ads
Users should know
beforehand what to
expect

44. rd
Give users choices about 3 parties

If you're using analytics or network advertisers,
you're required by law to let users know
(generally in a privacy policy) and tell them how to
opt out (or get their opt in, in some countries).

45. rd
Give users choice about 3 parties
Let me opt out if I don't
want to share data (and
is not essential to the
service)

46. Target advertisement using legitimate
data

Avoid targeting ads using personal information
which hasn't been collected for the application's
primary purpose

47. Respect the privacy of my network

Don't spam your users' contacts - applications
should not collect information about or send
messages to contacts without the user's active
consent

48. Respect the privacy of my network
Don't spam my contacts

49. About Children and Adolescents

50. Age verify where possible and
appropriate

If the application context requires features like
social network access or displays restricted
content, integrate age verifcation controls. When
not possible, you can implement self-certifcation
asking for a date of birth before activation of the
application or feature.

51. Age verify where possible and
appropriate
If nothing else is
available, self-verifcation
is fne

52. Set privacy-protective default settings

Applications targeted at children and adolescents
should will require careful treatment of social
features, especially those using location.

53. In summary...

54. High Level Principles

Be transparent – don't surprise your users with
unexpected data uses or sharing

Be reasonable – if you don't need data, don't
collect it; if it's no longer needed, don't keep it

Give your users meaningful choices about how
their data is collected, used and shared

Respond to your users' queries – in some cases,
the law requires it

55. Thanks! :)
Kasey Chappelle
http://www.vodafone.com/start/privacy.html
Ricardo Varela
http://twitter.com/phobeo
thanks to Belen Albeza (@ladybenko) for
the cartoons!