Developer Resources

The Developer Privacy Resource Guide is a collection of links for developers seeking more information about privacy regulations, industry standards, and resources.*

*LEGAL DISCLAIMER: The information contained herein is for general guidance only and should not be construed as legal advice. Accordingly, no attorney-client relationship is created through the use of this site, and users shall not rely on the information provided herein as a substitute for professional legal consultation. While we strive to ensure that the information contained in this site has been obtained from reliable sources, the Privacy and Technology Project, the Institute for Innovation Law and the University of California Hastings College of the Law are not responsible for any errors or omissions, or for any results obtained from the use of this information. Further, given the changing nature of laws, rules and regulations, we encourage you to consult legal counsel regarding this information.


I.      App Privacy Legislation

                    A.   Federal App Privacy Bills and Proposed Legislation        

                                       1.  Office of Congressman Hank Johnson

                                       i.   The Application Privacy, Protection, and Security (APPS) Act of 2013 
                                            (Bill introduced in House in May 2013; referred to House Subcommittee
                                            and pending further action)

                                       2.  The Future of Privacy Forum

                                       i.   Which Privacy Laws Apply to App Developers? (2011)

                    B.   State of California

                                       1.  Online Privacy Protection Act (CalOPPA) of 2003, amended 2013

                                       i.   For further reference, please consult the following resources by the
                                            Consumer Federation of California:

                                       2.  Data Breach & Notification Statute, S.B. 1386 (2002), amended 2014

                                       i.   Codified in Cal. Civ. Code §§ 1798.29, 1798.82
                                       ii.  Assembly Bill No. 1710 – 2014 amendments relating to personal
                                            informational privacy
                                       iii. Discussion of California Breach Law

II.     Government – App Privacy Frameworks & Guidance

                    A.   United States

                                       1.  Federal Trade Commission (FTC)

                                       i.   Start with Security: A Guide for Business (2015)
                                       ii.  What’s the Deal? An FTC Study on Mobile Shopping Apps (2014)
                                       iii. Mobile App Developers: Start with Security (2013)
                                       iv. Mobile Privacy Disclosures: Building Trust Through Transparency (2013)
                                       v.  .com Disclosures: How to Make Effective Disclosures in Digital
                                            Advertising (2013)
                                       vi. Marketing Your Mobile App: Getting it Right from the Start (2013)
                                       vii. Mobile Apps for Kids: Current Privacy Disclosures are Dis"app"ointing
                                       viii. Protecting Consumer Privacy in an Era of Rapid Change: A Proposed
                                             Framework for Business and Policy Makers (2010)

                                       2.  Department of Commerce Green Paper

                                       i.   Privacy Multistakeholder Process: Mobile Application Transparency
                                            – Short Form Notice Code of Conduct to Promote Transparency in
                                            Mobile App Practices (2013 Draft Publication)
                                       ii.  NTIA Mobile App Transparency – User Interface Compositions (2013)
                                       iii. Commercial Data Privacy & Innovation in the Internet Economy:
                                            A Dynamic Policy Framework (2010)

                                       3.  California Attorney General’s Office

                                      i.   Making Your Privacy Practices Public (2014)
                                      ii.  Privacy on the Go: Recommendations for the Mobile Ecosystem (2013)

                                       4.  National Institute of Standards and Technology (NIST)

                                      i.   Privacy Engineering Objectives and Risk Model – Discussion Deck
                                           for Federal Agencies (2014)
                                     ii.   Privacy Engineering Risk Model for Federal Agencies – Webcast Q&A (2014)

                    B.   European Union

                                       1.  Article 29 Data Protection Working Party (EU advisory board on data
                                            protection and privacy)

                                      i.   Opinion 02/2013 on Apps on Smart Devices (2013)

                                       2.  UK Information Commissioner’s Office

                                      i.   Privacy in Mobile Apps: Guidance for App Developers (2013)

                    C.   Canada

                                       1.  Office of the Privacy Commissioner of Canada

                                      i.   Seizing Opportunity: Good Privacy Practices for Developing
                                           Mobile Apps (2012)

                                       2.  The Office of the Information and Privacy Commissioner (IPC) of Ontario

                                      i.   IPC of Ontario & Aislelabs, Building Privacy into Mobile Location
                                            Analytics (MLA) Through Privacy by Design (2014)

                                      ii.  IPC of Ontario & Arizona State University, Privacy by Design Lab,
                                           The Roadmap for Privacy by Design in Mobile Communications: A
                                           Practical Tool for Developers, Service Providers, and Users (2010)

III.   Industry Groups – App Privacy Best Practices

                    A.   Groupe Spécial Mobile Association (GSMA)

                                       1.  Accountability Framework for the Implementation of the GSMA Privacy
                                            Design Guidelines for Mobile App Development (with EU focus) (2013)

                                       2.  Privacy Design Guidelines for Mobile Application Development (2012)

                                       3.  Further resources available at GSMA’s Mobile and Privacy page

                    B.   Mobile Marketing Association (MMA)

                                       1.  Mobile Application Privacy Policy Framework (2011)

                    C.   Digital Advertising Alliance (DAA)

                                       1.  Application of Self-Regulatory Principles to the Mobile Environment (2013)

IV.    Consumer Advocacy Groups – App Privacy Best Practices

                    A.   The Future of Privacy Forum (FPF) & Center for Democracy
                           and Technology (CDT)

                                           1.  Best Practices for Mobile App Developers (2011)

                    B.   Privacy Rights Clearinghouse (PRC)

                                           1.  Privacy in the Age of the Smartphone (2015)

                    C.   World Wide Web Consortium (W3C)

                                           1.  Web Application Privacy Best Practices (2012)

                    D.   Electronic Frontier Foundation (EFF)     

                                           1.  Mobile Bill of Rights (2012)

V.     Corporate – App Privacy Best Practices

                    A.   Mozilla

                                           1.  Privacy Tips for Designing Apps (2014)

                    B.   Microsoft

                                           1.  Privacy Guidelines for Developing Software Products and Services
                                                (v. 3.1) (2008)

                    C.   Lookout Mobile Security

                                           1.  Mobile App Advertising Guidelines: A Framework for Encouraging
                                                Innovation While Protecting User Privacy (2012)

                    D.   Create with Context, Future of Privacy Forum, Visa, and Yahoo!

                                           1.  13 Actions/Design for Trust: The Mobile Initiative (2012)

VI.    Mobile App Privacy Certifications

                    A.   Entertainment Software Rating Board (ESRB)

                                           1.  ESRB Privacy Certification Programs (for video game apps)

                                           2.  ESRB Monitoring & Consulting Services

                    B.   SocialWellth

                                           1.  mwellth Certification (for mobile health apps)

                    C.   Gigya

                                           1.  Social Privacy Certification Program (for COPPA and social network

                                      i.   For further reference, please consult the following resource 

                    D.   TRUSTe

                                           1.  TRUSTe Mobile Privacy Certification Programs