On September 5, 2012, the Federal Trade Commission issued guidelines for mobile app developers entitled “Marketing Your Mobile App: Get It Right from the Start.” The guidelines are largely a distillation of the FTC’s previously expressed views on a range of topics that have relevance to the mobile app space. They are summarized below:

Truthful Advertising:

  • “Tell the truth about what your app can do.” An app developer should be able to substantiate the claims it makes about its app.
  • “Disclose key information clearly and conspicuously.” If an app developer needs to disclose information to make what it says accurate, its disclosures have to be “clear and conspicuous.” Burying key facts in “dense blocks of legal mumbo jumbo” is insufficient.

Privacy:

  • “Build privacy considerations in from the start.” The FTC reiterates its desire for a “privacy by design” approach to app development.
  • “Be transparent about your data practices.” An app developer should explain what information it collects through its app and what it does with the information.
  • “Offer choices that are easy to find and easy to use.” The FTC recommends providing user-friendly “privacy settings, opt-outs, or other ways for users to control how their personal information is collected and shared.”
  • “Honor your privacy promises.” The guidelines focus not only on representations made in privacy notices but also on what app developers say about their privacy settings.
  • “Protect kids’ privacy.” The Children’s Online Privacy Protection Act (“COPPA”) and the FTC’s COPPA Rule apply to mobile apps in the same way they apply to websites.
  • “Collect sensitive information only with consent.” Articulating a concept of sensitivity, the FTC says “it’s important to get users’ affirmative OK before you collect any sensitive data from them, like medical, financial, or precise geolocation information.”
  • “Keep user data secure.” The FTC states that developers must honor any security-related promises they make and in any case provide reasonable security for the data they collect.