FTC: Be More Precise In Your EULAs and Privacy Policies

FTC updateIf you’re running a “just legal” data collection operation, or if some portion of your revenue stream involves selling customer data, stop what you’re doing and pay attention for the next five minutes — it could have you a lot of hassle in the near future.

The Federal Trade Commission has made it clear that it’s tightening the reigns when it comes to the wording of end user license agreements (EULAs) and privacy policies.

How Typical Data Collection and Sale Businesses Work

Goldenshores Technologies maintained a lucrative (if not standard) Internet business operation:

  1. It offered a free Android app called, “Brightest Flashlight Free;”
  2. It collected information about everybody who downloaded the program, and then
  3. Goldenshores sold the data to 3rd party marketers.

The people loved the app and downloaded it millions of times over. (Not surprising when you consider that LED phone flashlights are the new “concert candle”.) To consumers, “Brightest Flashlight Free” served both a utilitarian – and perhaps aesthetic – purpose. But many users didn’t realize that every time they used it, the app gathered geolocation data, in conjunction with a device identifier, and bundled the data for third party ad networks. Cha-ching.

But the FTC felt Goldenshores was less than honest about how, when and why the information was collected.

So, consumer agency announced a consent order regarding the “Brightest Flashlight Free” application. What made the announcement noteworthy is that it didn’t focus on what Goldenshore’s policy said, but rather what it didn’t say.

The FTC’s main issues with the app:

  1. The company’s failure to inform customers clearly that the app collected and distributed precise geolocation info coupled with the phone’s identifier. The combination allowed third party marketers to match individuals with devices.
  2. The application presented users a no-share option, but before that choice was presented, the information had already been collected, rendering the opt-out useless.
  3. The Brightest Flashlight Free privacy policy was vague. Even though it did list a few ways in which Goldenshores may use data, it didn’t disclose that said information would be sent to third party advertisers.

Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, explained the commission’s stance succinctly by stating, “But this flashlight app left them in the dark about how their information was going to be used.”

In an unusual step for the agency – and perhaps a harbinger of what to expect from the FTC under Edith Ramirez’s stewardship – the commission didn’t just delineate offer murky platitudes. Instead, the FTC outlined exactly what Goldenshore had to do to become compliant, thereby making clear the exact standard for geolocation app privacy disclosures.

So what verbiage does the FTC require for geolocation app privacy policies? Basically, the FTC now requires a clear-worded disclosure, appearing before the transfer of any information, which explains to consumers:

  1. How data is collected;
  2. How data is used;
  3. How data is stored;
  4. Who sees the data;
  5. Who data is shared with or sold to (if any); and
  6. Why data is collected.

App Developer Lawyer

Are you a developer in need of an attorney? Kelly Warner represents all kinds of tech startups and established online businesses. We’re not an old-school firm — and we don’t boast of Internet law expertise just because we know how to use Facebook. We’re a firm made up of affiliate marketers, gamers and even programmers — who also happen to be top-rated attorneys.

Get in touch today. Kelly Warner is ready to help smooth things for your digital or Internet-based business.

Let's Talk » »
Legal Disclaimer | Privacy Policy | Terms of Service
© 2017 Kelly Warner Law PLLC. All Rights Reserved.
800: 1-866-570-8585
Office: 480-588-0449