Apple, Google reach privacy deal, but is it enough?

February 23, 2012 6:25 AM EST

Apple [AAPL], Google [GOOG], Microsoft [MSFT] and three other major tech firms have agreed to a deal under which apps on their platforms must in future "provide greater privacy disclosures" before users download the software. Announced by the State of California, the deal's a move in the right direction, but is it enough?

[ABOVE: Attorney General Harris announces the agreement. Part one -- part two below.]

Do voluntary deals work without enforcement?

The hyperbole around the agreement -- which has been several months in the making -- is one thing: Amazon, Research In Motion and HP have also agreed to the new restrictions. The changes are designed to prevent a user's personal data from being grabbed by apps on these mobile platforms.

In future, apps will need to tell users what data they need, and what they intend doing with that data, before a user installs the app.

The move reflects the growing importance of user data to the new era of demographic, location and preference-targeted mobile advertising. The forces driving those evolutions are offering users the kind of information they might want in exchange for chunks of their individual privacy.

This means mobile device users are vulnerable to privacy intrusion and abuse by numerous entities, including app developers, analytic services and advertising networks.

These entities can get detailed data regarding your location, contacts, identity, messages and photos. However, in the absence of a privacy policy, what is done with this personal data is largely invisible to consumers.

[ABOVE: Part two of the California announcement.]

Your data, your decision

One study cited in the California State press release found that only 5 percent of all mobile apps have a privacy policy.

The big tech firms have not yet shown significant commitment to ensuring such data transactions are transparent and well understood, though this hasn't prevented them from enabling such data to be sought in the interim.

"Your personal privacy should not be the cost of using mobile apps, but all too often it is," said State of California Attorney General, Kamala Harris. She notes that 22 of the 30 most downloaded mobile apps do not have privacy notices.

Despite the many reports describing this new deal, few have gone into much detail, beyond observing that developers and the big software firms will have to disclose how they intend using that data.

As it stands, information such as the contents of a user's contacts book is routinely grabbed and transmitted to servers belonging to app developers. Guilty apps include those from Twitter, Facebook and more.

Make an effort

"Most mobile apps make no effort to inform users about how personal information is used," Harris said at a press conference in San Francisco (see video clips). "The consumer should be informed of what they are giving up."

In future, consumers will have a chance to review an app's privacy policy before they download the app rather than after. They will also get a consistent location for an app's privacy policy on the application-download screen.

"By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used."

Don't expect immediate change -- the six firms will meet with the attorney general in six months to assess compliance.

If there's a crime, what's the punishment?

But is this enough?

The path to sundry hells is often to be seen in voluntary agreements.

The pace of technological change, particularly in the mobile space, is extremely rapid. As described, the deal basically means signatories have six months in which to secure user privacy. Worse, they face no clear timeline for enforcement of the deal, and while California says it will prosecute in the event app developers break this code, such enforcement is slow, expensive, and may not even succeed.

The attempt by major data companies to agree to a voluntary deal might help them fend off any potential government interference designed to protect user privacy. However, the importance of the cloud and the evolution of all manner of connected online services shows that data -- your data -- is an essential element to the gold mine of future technology.

It is interesting to reflect that while all six signatory firms are US/Canada-based, they are also multinational firms who already have access to quantities of personal data even our own governments are unable to source. And yet, these large firms and their many smaller third-party developer satellites remain completely unaccountable for what they do with that data, even under the new deal.

There are signs that regulators are beginning to comprehend the mobile-driven threat to user privacy. US state lawmakers recently contacted Google to express their concerns over that company's appallingly intrusive new privacy policy. (Why can't users opt out, Google?) In the EU, the authorities have asked Google to delay the changes, pending regulatory investigation.

Big business in your data

This growing understanding about the importance of privacy is clear in the following statement from the State of California:

"Privacy policies are an important safeguard for consumers. Privacy policies promote transparency in how companies collect, use and share personal information. The agreement with the platforms is designed to ensure that mobile apps comply with the California Online Privacy Protection Act. The Act requires operators of commercial web sites and online services, including mobile apps, who collect personally identifiable information about Californians to conspicuously post a privacy policy."

An estimated 98 billion mobile applications will be downloaded by 2015, and the $6.8 billion market for mobile applications is expected to grow to $25 billion within four years.

In isolation those stats are impressive, but when you also consider the mobile advertising ecosystem is estimated to be worth over $2 billion today and predicted to be worth as much as $14 billion by 2014, according to Gartner, then surely it becomes clear that some entities are looking to profit from your personal data. This means users like you and me must ask ourselves, "Is our data for sale?" This also means we have a right to choose with whom we share our data.

The new deal is a small step in that direction, but without threat of significant punishments for those who contravene the spirit of this deal, it's a paper tiger at best.

Got a story? Drop me a line via Twitter or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you know when these items are published here first on Computerworld.