California once again is looking to flex its muscles as a trend-setter in national politics and policy – this time in the area of protecting consumer privacy in the rapidly accelerating era of mobile commerce and Big Data.

Attorney General Kamala Harris – the top legal officer in a state that is home to Silicon Valley’s internationally renowned innovation in online and mobile commerce – issued a policy paper last week that provides important clues about how national discussions about mobile privacy are likely to unfold. The 22-page report – “Privacy on the Go: Recommendations for the Mobile Ecosystem” – comes nine months after the Federal Trade Commission released its two-year privacy study that mapped out key principles to make privacy the “default setting.”

As I noted at the time, the message to the industry from the FTC’s report was clear: If you don’t protect individual privacy, government will. The message from the California policy is equally noteworthy: If the issue bogs down in Washington, California will pick up the pace. The issue is of timely and critical importance because best practices in mobile commerce are still in their infancy. Players of all types – app developers, platform developers, mobile advertisers, mobile carriers, device makers, and others – are wrestling with how to stimulate innovation and mobile commerce without scaring off customers who recognize that businesses and governments have the ability to collect and study what they buy, where they go, how much they spend, and what they crave.

It is important to note that the Attorney General is not writing or proposing new laws. Instead, Harris is pointing to her plan to apply the 2004 California Online Privacy Protection Act about “online services” to the realm of mobile commerce. Last October, Harris notified about 100 mobile-app developers that they were out of compliance – then sued Delta Airlines in December, alleging it lacks an appropriate privacy policy. She also succeeded in 2012 in persuading leading players such as Amazon, Apple, Google and Facebook to adopt a “joint statement of principles” that enables consumers to review an app’s privacy policy in the app store before downloading the app.

To date, entrepreneurs in Silicon Valley and the tech industry in general have chosen to take an “opt out” approach that requires consumers to understand and evaluate their risks. To the industry, an “opt in” approach puts profitability at risk because it is hard to overcome consumers’ anxiety, their lack of understanding, and their practical desire to avoid dealing with legal details. The California attorney general’s approach acknowledges and assents to the industry’s preference for the opt-out approach but seeks to empower consumers with more information and control over their data. Among the key recommendations specifically aimed at app developers, platform providers, mobile ad networks, operating system developers, and mobile carriers:

  • Don’t surprise your users. The goal is to avoid that sense of betrayal that consumers feel when they learn of unsettling data practices after a problem or news story hits – and suffering a backlash as Instagram did in December. The attorney general’s “surprise minimization” approach involves supplementing the general privacy policy with “enhanced measures” to alert users and give them control over data practices that are not related to the app’s basic functionality or that involve sensitive personal data.
  • Don’t collect unnecessary data in the first place. Avoid or limit the collection of data that’s not relevant to the basic functionality.
  • Be transparent. Write a clear, easy-to-find privacy policy. Post privacy policies in the app store so consumers can review them before they attempt to download apps, and provide privacy policies to app developers you partner with. Educate consumers about mobile privacy, including child privacy.
  • Advise customers repeatedly and meaningfully. Provide “special notices” that flag customers’ attention to privacy controls and enable them to make “meaningful choices” about safeguarding their data.
  • Don’t insinuate yourself on the consumers’ phones surreptitiously. The attorney general advises ad networks to avoid modifying a consumer’s browser settings or placing icons on their phone.
  • Give consumers easier controls. The attorney general urges developers of operating systems to create easy-to-use one-stop settings that enable users to control what data multiple apps can access.

Complying with policies like this will address the legal part of the problem that involves prosecutors like the California attorney general. It is equally important to win in the court of public opinion when mistakes happen and companies seek to limit damage to their brands. Part of that answer is to proactively build trust among customers that can endure those episodes – a topic Javelin covered in “10 Trends for Financial Services in 2013.”


About Mark Schwanhausser

Mark strategizes how financial institutions can track and serve customers across the channels they use, and provide a consistent, integrated brand and user experience. Mark helps banks and credit unions profitably enable customers to monitor and manage their money more intelligently through technology such as online banking, mobile banking, personal financial management, financial alerts, and technologies on the horizon. 

Mark led the development of Javelin’s Digital Banking Maturity Path, a strategic framework for assessing a financial institution’s ability to deliver advice in digital channels, and the Financial Journey Model, which builds digital banking on a foundation of time-tested personal finance principles. He has also mapped out strategies to upgrade online banking, digital account opening, and financial alerts in a mobile-first era. 

Before joining Javelin, Mark was a personal finance reporter for the San Jose Mercury News. He covered money and emerging trends in financial services and payments technology.

Mark has a bachelor’s degree in journalism from the University of Missouri at Columbia and attended Antioch College.

Stay in Touch!