On Friday, February 22, the Wall Street Journal ran a story titled “You Give Apps Sensitive Personal Information. Then They Tell Facebook” (subscription required). The report gained further traction over the weekend, and by Monday, February 25th several of those identified as sharing data with Facebook had reportedly stopped doing so. Now, it is not at all unusual for different mobile apps to share data with the device maker, Facebook, or other applications. In fact, huge numbers of people intentionally share all sorts of interesting and completely uninteresting things via these linkages. (We’ll defer for now the conversation about how people are just beginning to understand why rather personalized ads appear in their Facebook newsfeeds.)
However, the mobile apps identified by Journal reporters as sharing data with Facebook included a menstruation/ovulation tracker, a heart rate monitor, blood pressure and glucose level tracker, and a weight loss app, among others. Really. Most people probably understand wanting to share personal achievements, sometimes setbacks, but sharing this sort of highly personal information is likely limited to a small number of users and even then, when they have chosen to do so. (To be clear, the Journal’s article did not suggest that a woman’s ovulation cycle or a person’s glucose level appeared on their individual or any other Facebook newsfeed. Nor did the reporting suggest that Facebook even permits delivery of such sensitive information.)
So what went wrong, other than appearing in national newspapers for all the wrong reasons? A skeptic would suggest that perhaps the app developer didn’t know precisely what data went to a third party; or perhaps the developer considered the sharing of individualized user data for analysis and newsfeed advertising to be acceptable; or they didn’t understand or ask the right questions. But in no circumstance did the app developer build into the app granular data control for the highly personal user information nor provide a conspicuous notice of the data sharing, according to the Journal’s investigation.
Enter Privacy by Design. Or, what you all should be doing.
As a brief recap to those unfamiliar with the concept, Dr. Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada, developed the PbD framework in the late 1990’s and by 2010 subsequent iterations were recognized by the International Conference of Data Protection & Privacy Commissioners as a necessary component of privacy protection.
The rather simple, fundamental premise to Privacy by Design is that “privacy” is the default setting when viewed from the individual user’s perspective. That means, for example, that data sharing, by default, is set to Off or No, regardless of how much the app developer might like to share just a subset of personal information. Not surprisingly, the PbD principles insist that special diligence be applied when any sort of sensitive health or financial data is involved.
A fuller version of the seven principles are included at the Privacy by Design link above, but at the highest level they are:
- Principle 1: Proactive not reactive: preventative not remedial
- Principle 2: Privacy as the default setting
- Principle 3: Privacy embedded into design
- Principle 4: Full functionality: positive-sum, not zero-sum
- Principle 5: End-to-end security: full lifecycle protection
- Principle 6: Visibility and transparency: keep it open
- Principle 7: Respect for user privacy: keep it user-centric
Of course, when a business is driven by the number of users and potentially by the data those users generate, there will be a clear tension between the principles above and the organization’s desire to monetize information. And in a less digital, less mobile world, not even that many years ago, a decision to not provide user choice and to share data with third parties was common. But, glibly put, the world has changed.
Readers of this blog understand that ‘resistance is futile’ and that increasingly US state laws and regulators are evolving toward the Privacy by Design mandate with respect to consumer information. The bottom line is that social media links within apps are perfectly fine when the app user knows about what data is shared and has a choice as to how much or what data is shared. Otherwise, prepare for the possibility of making the national news.