Proposed laws to protect users from privacy infringement

by CXOtoday News Desk    May 30, 2013

Mobile Apps

Garnering information from users to understand customer behaviour is nothing new. In fact, now it even has a cool name—Big Data. But, when does collating data become privacy infringement? When should mobile carriers stop storing data that you provided? 

In answer, the Network Advertising Initiative (NAI), a group that promotes online privacy and freedom, in the United States, has submitted a draft on the code of conduct pertaining to how information are collected from mobile apps. Last week it gave its members the draft that elucidates how behavioural targeting, or serving ads based on data collected across more than one app.

NAI Executive Director Marc Groman says the organisation expects to finalize its Mobile Application Code this June, reported ResponseMagazine.com

The proposed mobile rules require companies to allow users to opt for or out of receiving behaviourally targeted ads on mobile devices. Even if people opt out, the proposed code lets ad networks continue to collect data “non-personally identifiable” data for some purposes like analytics, ad optimization and frequency capping. The NAI says data connected to a particular device–as opposed to a person—is “non-personally identifiable”, it was stated in the report.

But the NAI also proposes requiring companies to either discard that information, or else “de-identify” it (meaning that it’s no longer linkable to particular devices), as soon as the data is no longer needed.

The proposal would require members to obtain opt-in consent before collecting personally identifiable information (names, addresses and phone numbers) and “sensitive” information, including financial account numbers, and precise information about medical conditions.

The draft rules also address information unique to mobile like geo-location data and “personal directory data” – which includes address books, photos or videos stored on devices and logs of phone calls. The NAI proposes that its members obtain opt-in consent before collecting either geo-location data or personal directory data, said the report.

The IT Act in India protects users from unrelated mobile ads. It is also meant to curb mobile carriers from collecting data from users without their permission. However, these laws, while present are not implemented to the letter.