NTIA Multistakeholder Process on Privacy in Mobile Apps Turning Toward Substantive Issues
In an effort to implement the Obama Administration's “Blueprint for Consumer Privacy,” the National Telecommunications and Information Administration (NTIA) in July launched a series of “multistakeholder meetings” on mobile app privacy. NTIA hopes that this process will culminate in a privacy self-regulatory “code of conduct” acceptable to a wide range of stakeholders. After several months of preliminaries, it appears that the process will soon turn to substantive issues.
As the NTIA had never before conducted a multistakeholder process such as this, perhaps unsurprisingly the effort has had a slow start. NTIA commissioned the services of a professional facilitator to manage the first few meetings. The meetings then paused for a while to allow time for a series of “technical briefings” on data collection by mobile apps and on the business models and financial choices facing app developers.
Briefings were hosted throughout September by groups as disparate as the World Privacy Forum and the Future of Privacy Forum, the Association for Competitive Technology and the Direct Marketing Association. These briefings covered technical aspects of data collection by apps and related permissions. They also reviewed the business model choices that face mobile app developers, the role of analytics and factors that affect the business decision whether to collect and use personally identifiable information. One briefing was devoted to self-regulatory plans that have been developed in recent years. The purpose of these briefings was to develop a common level of understanding among the participants.
With the completion of these briefings, the process should turn to more substantive issues through the autumn. Stakeholders are likely to work both through smaller working groups and occasional meetings of all interested participants hosted by NTIA, the next of which should occur in October.
One of the early tasks is likely to be the development of a workable definition of a “mobile app,” seemingly a necessary prerequisite to defining the scope of any code of conduct that may emerge from the process. Other difficult issues, such as what data apps can collect, and under what conditions, likely will also be hashed out over the coming months.