Monday, September 30, 2013

          5 Rules to Help Developers Balance Privacy with Innovation

          Useful "rules of thumb" for developers and the attorneys who work with them.

          Charles Belle

          Charles Belle

          Executive Director, Institute for Innovation Law and Research Director, Privacy and Technology Project

          My work in privacy focuses on helping developers balance privacy with innovation. Recently, I moderated a panel at the Personal Identity Innovation Conference (PII): Baking Privacy into Your App: What Every Developer Needs to Know. This is a critical issue because developers are the first line of defense for consumers, but face huge challenges given the lack of clear regulations, different industry standards, and device-specific variations (mobile vs. browser vs. hardware). And while the focus of this panel was on developers -not many attorneys in the audience! - a few “rules of thumb” emerged from the panel that are useful for developers and the attorneys that work with them.

          1. Understand 3rd Party Terms of Service.

          Developers use Software Developers Kits (SDKs) built by third parties to add functionality to their software applications. For example, Yelp uses a map to show restaurants provided by Google or Apple (depending on the device). SDK’s are also used to provide analytics on software usage and advertising.

          Accepting the Terms of Service (ToS) of these SDKs, however, can put consumer data at risk. These agreements often hide what data is being collected, how the data will be used, and shift the burden of notice to the unknowing developer. Putting the developer, potentially, on the hook for liability as well. Developers, and their attorneys, must read and understand the ToS of any SDK used.

          2. Provide Notice to Consumers.

          It is increasingly difficult to communicate the nature, type, and amount of information gathered about individuals because of the sheer amount of personal data collected, and the ways data is generated, transmitted, and analyzed. Nonetheless, consumers are increasingly demanding clarity and disclosure about what information is being gathered in a way that is understandable by a non-attorney. Companies must communicate with consumers in a clear way that makes information digestible. It can be difficult to manage this process in a way that lends to a smooth user experience, but companies should err on the side of disclosure and ask for permission.

          3. Reputation is an Asset.

          Building on the aforementioned concept of Consumer Notice, companies should focus on building a good reputation with users. More specifically, companies should think about ways to incorporate reputation building into the design of software and product development. Reputation requires ensuring communication, i.e., being transparent in how information is collected (consumer notice), disclosing how information will be used, and, in a worst-case scenario, should personal information be exposed, informing users immediately.

          4. One Regulation To Rule them All.

          If companies only take away one piece of advice, it should be to understand and comply with the Children’s Online Privacy Protection Act (COPPA). COPPA is the one clear regulation that applies to absolutely everything and any violation will be fully enforced, making a company an industry pariah. Also, companies cannot assume children will not have access to their product. Companies should assume children might gain access and should develop their tools accordingly to be 100% certain they are on the right side of the law.

          5. Opportunity.

          Before we let fear govern all, there was a sense of optimism on the panel. The lack of legal clarity may cause uncertainty, but where clear privacy regulations exist, opportunities abound. Health care and the financial industries are the best examples: both have clear sets of privacy regulations in the United States. The clarity these regulations provide, however, enables companies to develop products with certainty. These regulations also create barriers of entry. Finally, the costs of adhering to the regulations mean consumers are more likely to pay money for applications, mobile or otherwise, in these spaces.

          Bonus Point Takeaway: Don’t be Creepy.

          It sounds glib, undefined, and abstract, but the panel returned to this takeaway time and time again. Don’t. Be. Creepy. Many of the challenges that have arisen are because a critical mass of users felt the product was too creepy. Before releasing a software application, companies should always ask: does this creep me out? Although creepiness is subjective, it’s a good rule of thumb: if it creeps you (developer or attorney) out, that’s bad.


          About

          Charles Belle is the Executive Director of the Institute for Innovation Law and the Research Director of the Privacy Project, at UC Hastings College of the Law. A research program at the Institute for Innovation Law, the Privacy Project engages in applied research and community outreach. In addition to his research, Charles focuses on developing implementable tools to ensure privacy and innovation.

          Go to News Archive

          Share this Story

          Share via Facebook
          Share via TwitterShare via EmailPrint Friendly Version

          Other Recent Stories/ RSS

          Friday, February 16, 2018

          Patrick Barry '94 Takes COO Role at Legal Tech Startup Logikcull

          The cloud-based eDiscovery software company brings Barry back to business as a tech executive after a two-year sabbatical.
          Thursday, February 01, 2018

          Thinkers & Doers: January 2018

          Inaugural Exhibition of the McEvoy Foundation for the Arts – Professor Viswanathan co-authors SSRN’s "Top Paper of 2017" – When Deportation is a Death Sentence – A project to “restate” copyright law – Alum named 2018 Antitrust Lawyer of the Year – Posh Hotels & Swanky Cocktails in the Tenderloin – Calling out racists actually good for health – Bay Area Corporate Counsel Winners – and much more
          Monday, January 29, 2018

          Justice Lidia Stiglich '95 Brings Compassion to the Bench

          She is taking a “people-centric” approach as the first openly gay justice to serve on the Nevada Supreme Court.
          Thursday, January 18, 2018

          1L Cindy Muro Receives Scholarship for Domestic Violence Advocacy

          A survivor of abuse herself, Muro now strives to do everything in her power to help people help themselves and create a platform for individuals to be heard.
          Thursday, January 11, 2018

          Message from Dean Faigman: On the passing of Professor Geoff Hazard

          “A deeply inspiring teacher, a mentor to many generations of students and faculty, an enormously influential scholar, and a dear friend to so many of us.”
          Go to News Archive