Does Having A Privacy Policy Matter?

“Data Driven Thinking” is written by members of the media community and containing fresh ideas on the digital revolution in media.

David Danziger is Director of Data and Targeting Products at Acxiom Corporation.

The Future of Privacy Forum recently analyzed the top 30 paid mobile apps (across multiple mobile platforms including Blackberry, Android, and iOS) and found that 22 of them lacked a privacy policy. The statistic is fairly amazing in its own right, given that a lot of us will at least say as consumers “of course we care a great deal about our privacy!” How do I know? Because we say as much when asked about it. A recent survey by Harris Interactive indicates:

• 38% consider privacy their top concern with respect to mobile apps and 56% said it’s one of their foremost concerns.
• 52% said they’ve read an app’s privacy policy
• 98% said they want better controls over what can be collected and how it can be used.

And yet, 22 of the top 30 paid mobile applications still somehow managed to gain enormous popularity without even having a privacy policy. And among those that do have a privacy policy? Well…Let’s be honest about how often we really read those – almost never. Remember, only 52% of us said we’d read an (presumably meaning “one”) app’s privacy policy. Some may have read a bunch. But I suspect most people have read somewhere between zero and … zero.

Now I’ve read a privacy policy or two. I work in the data industry (as do many of you) and I know how data is generally used for good things. Data that is captured upon registration as well as in the course of application usage can be helpful in shaping relevant and new product offerings as well as interest-based advertising. All of these uses facilitate effectiveness so that you and I receive offers for apps we’re interested in at a price below what they’d otherwise be. Data can also be used for nefarious purposes as well. A privacy policy by itself is not a panacea. In the Danziger household, there are at least five mobile devices onto which apps are regularly downloaded. It would not surprise me if we downloaded 10 applications per week (figuring a somewhat conservative average of 2 per device). My kids are not allowed to download any apps without parental permission and a password. So in theory, my wife and I should each be reading an average of 5 privacy policies per week. Imagine that for a moment. Suffice it to say, that’s not happening anytime soon.

So, does having a privacy policy matter? Yes it does and each mobile application provider should have one. It represents an important symbol of a safe haven, implying trust that the application provider has thought about and applied controls to the app and data that the application collects and uses. The consumer reasonably expects the data to be under control and governed under a privacy policy… Making the policy available and easy to understand demonstrates that the app provider embraces that as a norm and a responsibility. It also sets important boundaries under which there can be redress in case of conflict with respect to how consumer data is used by the app provider. Consumers have the choice whether or not to read the fine print contained in privacy policies but any company that is collecting or making use of data related to individuals or their associated devices should, at a minimum, have a clearly stated policy of what data it captures, how they will use it and with whom that data will be shared and under what circumstances. Failure to provide such basic information to app down-loaders (and users), plus failure to respect the principles of responsible data stewardship invites scrutiny from legislators, regulators, watchdog groups, the media and the public at large. A privacy policy doesn’t guarantee responsible data use, but at a bare minimum, it’s a sign that someone is thinking about it.

Should consumers care about how their data is being collected, used and shared with respect to apps in mobile devices? Yes, but we shouldn’t let that worry and prevents us from enjoying mobile, hip new computers loaded with ready-made answers, productivity, books, music, games, widgets, and more. At least I won’t in my household. As with all choices we make in our connected-consumer society, we apply our own personal judgment (often gut-level and first-impression-based) and then make decisions. Does the app seem legitimate? What information will the app access? How much do I have to pay for the app? How likely am I to continue using it? These are practical questions of value and they should be the basis for the decisions we make about our mobile apps. It would be nice if we could always be certain about where the data is going and how it will be used…but I don’t think there is a 100% guarantee on that. Meanwhile, the evidence (22 of the top paid apps) indicates that we have enough confidence in the mobile apps marketplace to proceed with transactions and enjoy what they produce. We have at least enough confidence to give them $1.99 and access to some of the data related to ourselves and our devices!

Follow David Danziger (@DavidDanziger), Acxiom (@acxiom) and AdExchanger.com (@adexchanger) on Twitter.