Multistakeholder Meetings to Develop Consumer Data Privacy Code of Conduct Concerning Mobile Application Transparency (Jan 17 2013)

National Telecommunications and Information Administration
Department of Commerce
January 17, 2013
1:00 p.m.
http://www.gpo.gov/fdsys/pkg/FR-2012-12-20/pdf/2012-30684.pdf

See updated info here: http://www.ntia.doc.gov/other-publication/2013/privacy-multistakeholder-...

Stakeholders will engage in an open, transparent, consensus-driven process to develop a code of conduct regarding mobile application transparency.

Draft agenda

1:00 p.m. Welcome

1:10 p.m. Facilitated Discussion – Issues Tabled or Raised at the December 17, 2012 meeting concerning the Application Developers Alliance, et al. Discussion Draft:

  • Should Section II(A) include “age of user?” If so, should the term “age of user” be revised and/or more precisely defined? (5 minutes)
  • In Section II(A), should the term “financial information” be revised and/or more precisely defined? (5 minutes)
  • In Section II(A), should the term “health, medical, or therapy information” be revised and/or more precisely defined? (5 minutes)
  • In Section II(A), should the term “stored images (such as files or images)” be revised and/or more precisely defined? (5 minutes)
  • Should Section II(A) require the disclosure of data collected through direct user submissions? (5 minutes)
  • Should Section II(A) require the disclosure of data collection that is necessary for the app to function? (5 minutes)
  • In Section II(B), should short form notices include disclosure of third-party data sharing with “affiliated businesses?” If so, should the term “affiliated businesses” be revised and/or more precisely defined? (5 minutes)
  • In Section II(B), should short form notices include disclosure that an app shares data with “data brokers?” If so, should the term “data brokers” be revised and/or more precisely defined? (5 minutes)
  • In Section II(B), should the term “other developers or networks” be revised and/or more precisely defined? (5 minutes)
  • In Section II(B), should the list of entity types be revised to reduce overlap between entities, e.g. “affiliated businesses” and “content publishers?” (5 minutes)
  • In Sections II and III, should the term “share” be more precisely defined? (5 minutes)
  • Should language referencing “responsive design” be included in Section III? (5 minutes)
  • How should Section IV be revised re: disclosure of “how consumers may request deletion of data collected by the app” if such deletion is available? (5 minutes)
  • How should Section IV be revised to clarify the term “these links?” (5 minutes)
  • Are revisions necessary to clarify the use of “shall,” “must,” and “should” throughout the document? (5 minutes)
  • Should the code include language that would limit an app’s liability for failing to provide exhaustive disclosures in the short-form notice? If so, what language? (5 minutes)
  • Should short form notice be required? (5 minutes)
  • How should long form notices be treated in the code? Is the current language in Section IV sufficient? (5 minutes)
  • Is the language in Section I best treated as part of a code of conduct or as a separate “principles document?” (5 minutes)

2:50 p.m. Break

3:10 p.m. Last Call for Objections Regarding Issues Resolved at the December 17, 2012 meeting:

  • Remove the term “persistent identifiers” from Section II(A) (short form notice).
  • Remove the term “time of data collection” from Section II(A) (short form notice).
  • Remove the term “patterns of app usage” from Section II(A) (short form notice).
  • Agree that Section IV requires disclosure of “how consumers may request deletion of data collected by the app” if such deletion is available.

3:20 p.m. Discussion of Plans for Usability Testing

4:20 p.m. Procedural Issues (role of academics, next steps, proposed agenda items for January 31, 2013 meeting)

4:50 p.m. Farewell