12 March 2012
Recently, the GSMA launched an important next step in its cross-industry Mobile Privacy Initiative, publishing a set of Privacy Design Guidelines for Mobile Application Development. Building on the framework established by the Mobile Privacy Principles, these guidelines can help provide users with better transparency into and control over how their mobile applications use personal information. You can read the GSMA’s press release here, and more about our support for the Mobile Privacy Initiative here.
We believe that the best way to protect consumer privacy is not for companies and developers to operate in a vacuum, but to work together to ensure that the consumer experience around the collection, use and distribution of their personal information is consistent in important ways. The GSMA’s work here provides a strong and appropriate framework for achieving that consistency. And so Vodafone is thrilled to have played a leading role in the creation of these guidelines and to be implementing them within our organisation. Says Vodafone Group Privacy Officer Stephen Deadman, “In order to maintain the strong growth in both the sales and popularity of mobile apps, customers need to be confident that their privacy is protected when they use them. This is the responsibility of the entire mobile industry, and these guidelines set an important standard in defining what consumers should expect from their apps.”
We wanted to share our own application privacy efforts, how these guidelines will work in our organisation and what we see as next steps.
In creating our own application privacy guidelines, available on developer.vodafone.com, we spent a lot of time seeking to understand how our developers worked and what they encountered as sticking points and common mis-steps in creating privacy-respectful applications. As far back as 2009, we created and launched our first application privacy guidelines, around location privacy, and we created forums for feedback so we could understand how our developers perceived and incorporated the guidelines.
Guided by these experiences, we built out our internal privacy guidelines and then worked to translate them into developer-friendly formats. Legalese doesn’t get us anywhere when talking to developers about privacy! Of course, just posting a set of guidelines to a website doesn’t get us much either, so we’ve also been hard at work socialising privacy expectations with our developers and training at independent events and conferences like Over The Air as well as the GSMA-hosted developer events and even this year’s Mobile World Congress. Standards have a role to play as well in creating consistent privacy experiences, so we participate in internet and mobile standards-setting organisations and push for those that can help protect privacy.
So what do the GSMA guidelines mean for Vodafone? We’ve already announced them to our developer community, we are building them onto the framework of our existing application privacy programme, and they’ll be in effect by the deadline with our internal development teams and participants in the Vodafone developer programme.
But success for these guidelines means that we’re not acting alone – they’re intended to encourage an environment where the industry works together to create good privacy experiences, including major operating systems providers and other players in the very complex mobile ecosystem. We’ll be working to make sure the guidelines are met wherever it’s in our power to do so – we’d love to be able to insist that other major players meet them, but to be honest that’s not always possible. So for now, we’re incorporating them internally. But we’ll continue to evangelise them wherever we can, to ensure that the developers we’re associated with are good app privacy citizens. As for independent players in the mobile ecosystem, like handset manufacturers, operating system providers and app platforms, we’d love to see them sign on as well and will work on encouraging them where it’s in our power to do so.