On Tuesday, the FTC simultaneously released a “Mobile Health App Interactive Tool” and “Best Practices,” to help mobile health app developers navigate the maze of federal regulation, including data privacy regulation. The tool walks developers through a series of high level questions about the nature of their app, and uses the answers to those questions to point them towards guidance that might apply to their product.
FTC’s newly released business guidance similarly poses question to developers. Like much FTC privacy guidance, it encourages developers to only collect the data that they need, secure that data, and keep consumers informed about their data collection, retention, and sharing policies. The “FTC Best Practices” also recognize some of the issues unique to the mobile industry. For example, the FTC advises developers to consider whether apps should access user information that is not necessary to the functioning of the app. A jogging app, the guidance notes, may not need to access a user’s contacts. Focusing on intuitive communication through the mobile medium, the guidance also suggests that developers inform users about data usage both when users purchase the app and when the app is about the collect the data. These new guidance documents provide a solid roadmap for developers hoping to steer clear of enforcement actions.