Don't Look Now, but Mobile Privacy Regulations Are on the Way
Jul 9, 2013 5:00 AM PT
The issue of mobile privacy has been simmering for years, and it's long been apparent that there will be some movement at the government level sooner or later.
This week, sooner would probably be the better guess -- especially if the European Commission is included.
In the last few days, more allegations about U.S. government spying activities have emerged, published in the German magazine Der Spiegel.
'60 Million Connections'
Briefly, the U.S. appears to have been monitoring civilians' communications connections in Europe -- Germany, in particular. According to the publication, data collected from Germany "on normal days" includes 20 million telephone calls and 10 million Internet data exchanges. Last Christmas Eve, it collected data on around 13 million phone calls and about half as many online exchanges, the publication reported.
"On the busiest days, such as January 7 of this year, the information gathered spiked to nearly 60 million communication connections under surveillance," Der Spiegel said.
Those are serious charges for Europe, which places a high priority on privacy.
While U.S. government spying is not related to the activities of commercial companies -- or at least, U.S. companies -- the issue is now in the spotlight, and governments and consumers are both likely to be chomping at the bit to see some action.
'Guilt by Association'
It will happen, many predict, and U.S. companies had better be prepared to met whatever new requirements safeguarding European consumers' privacy are put into place if they want to maintain good relations with their European customers.
Expect there to be action addressing both online and mobile data collection.
"I don't think there is any doubt we will see some action by Europe in response to this report," David Johnson, principal with Strategic Vision, told CRM Buyer. "No -- the issue of government spying does not have anything to do with what, for example, Google might be collecting via Android app or Apple via iOS -- but the principal of 'guilt by association' will certainly kick in."
Whether that translates into more regulations or safeguards or increased scrutiny and actions against U.S. companies remains to be seen, but the smart companies will prepare for that day, Johnson said.
How to Get Ready
Even before this latest report ricocheted around the world, it was clear that privacy -- including, and perhaps especially, mobile privacy -- was on its way to becoming a front-burner issue among various governments, Jack Walsh, mobility program manager at ICSA Labs, told CRM Buyer.
For this reason, he said, it is included in "one of the four core areas that ICSA Labs examines in our mobile app testing program.
"While I cannot predict what bills will be written and become law, I can say it wouldn't be a surprise," Walsh said. "After all, many European governments are already busy protecting individual privacy with laws, and there are many different regulatory documents focusing on protecting users."
'Test and Analyze'
App developers should take the initiative to do due diligence and find "an independent, International Standards Organization-accredited testing organization with a history of security testing experience to test and analyze mobile apps for privacy and security before providing apps to their enterprise customers," Walsh recommended.
Developers would also do well to pay attention to the particular irks consumers and regulators express, and perhaps shy away from egregious moves, even if they are technically legal.
For example, one of the most common social media privacy violations is to upload all of a user's contacts, including geo-tagged photos, without the user's explicit consent, Ken Westin, mobile privacy advocate and security researcher for Tripwire, noted.
'They Are Not Going to Like It'
"The usual explanation for such actions is that the platform developers want to help users increase their social media network size," Westin told CRM Buyer. "However, in these situations the people in your contact list lose control over whether their personal information is being uploaded and shared."
Of course, common sense suggests that privacy-minded consumers hate such sleight-of-hand tactics.
"I think companies had better start tapping their inner common wisdom in these matters," Johnson said. "They are not going to like it if governments start to do it for them."