Yesterday, at our second clinic of the year, we hosted 180 member brand executives at NYU Stern and delivered a half-day educational experience on the topic of Social CRM. One of our featured speakers was Steven Roosa, a lawyer and partner at Holland & Knight and co-chair of the firm’s Data Privacy and Security Team. Speaking on the opportunities and legal risks associated with capturing and using mobile app data, Roosa, also a fellow at Princeton’s Center for Information Technology Policy (CITP), gave a data-rich and insightful presentation on this important yet under-reported facet of the Social CRM conversation. For those who were not in the audience yesterday, here below are some highlights from Roosa’s talk, as well as links to resources he believes brands, app developers, and anyone else involved in the mobile data space should read.
It’s important to first understand where the legal line is–something most brand executives, marketers and app developers understandably don’t know. A very real danger for brands is that with new platforms and apps being introduced so often and so quickly, legal boundaries are something of a moving target. For this reason, Roosa explains, Section 5 of the Federal Trade Commission Act is broadly and flexibly drafted as: “unfair or deceptive acts or practices in or affecting commerce.” In this context, deceptive is defined as, “material representation or omission that is likely to mislead consumers acting reasonably under the circumstance.” Unfairness, on the other hand, is defined as “practices that cause or are likely to cause substantial injury to consumers that are not outweighed by countervailing benefits to consumers or competition, and that are not reasonably avoidable by consumers.”
Something users and companies alike often aren’t aware of, according to Roosa, is that similar to network traffic, accessing apps’ local storage–or even deleting it–requires specialized software. Both iOS and Android make almost all local storage inaccessible to users. To crack the local storage code, Roosa said it can take four different programs (or more). To demonstrate what the data can look like once inside the app storage, Roosa demonstrated with his CNN app. Once inside, he could see every single click he’d ever made while using the app. Every article he’d read, every social media share he’d registered, and so forth. For brands, the presentation was both exciting (so much data!) and worrying (what exactly can we and can’t we do with that information?). To help the audience understand how to navigate this field, which, he admitted would likely only get more complicated in the future, he provided a robust reading list. See below.
Recommended legal reading:
“Mobile Privacy Disclosures: Building Trust Through Transparency” (February 2013)
“Mobile App Developers: Start with Security” (February 2013)
“Marketing Your Mobile App: Get it Right from the Start” (August 2012)
“Protecting Consumer Privacy in an Era of Rapid Change” (March 2012)
Recommended best practices reading:
“Mobile Privacy Principles” (March 2012)
“Mobile User Privacy Bill of Rights” (March 2012)
“Best Practices for Mobile Applications Developers” (December 2011)
“Web Application Privacy Best Practices” (July 2012)