UCHastings Instagram

          Spotted! Above the Law's @davidbenjaminlat and #UCHastings Acting Chancellor & Dean David Faigman, apres #coffeetalk.
          Instagram Photo Likes ashavora, kvanrobinson, abudobby and 22 others like this.
          Monday, September 30, 2013

          5 Rules to Help Developers Balance Privacy with Innovation

          Useful "rules of thumb" for developers and the attorneys who work with them.

          Charles Belle

          Charles Belle

          Executive Director, Institute for Innovation Law and Research Director, Privacy and Technology Project

          My work in privacy focuses on helping developers balance privacy with innovation. Recently, I moderated a panel at the Personal Identity Innovation Conference (PII): Baking Privacy into Your App: What Every Developer Needs to Know. This is a critical issue because developers are the first line of defense for consumers, but face huge challenges given the lack of clear regulations, different industry standards, and device-specific variations (mobile vs. browser vs. hardware). And while the focus of this panel was on developers -not many attorneys in the audience! - a few “rules of thumb” emerged from the panel that are useful for developers and the attorneys that work with them.

          1. Understand 3rd Party Terms of Service.

          Developers use Software Developers Kits (SDKs) built by third parties to add functionality to their software applications. For example, Yelp uses a map to show restaurants provided by Google or Apple (depending on the device). SDK’s are also used to provide analytics on software usage and advertising.

          Accepting the Terms of Service (ToS) of these SDKs, however, can put consumer data at risk. These agreements often hide what data is being collected, how the data will be used, and shift the burden of notice to the unknowing developer. Putting the developer, potentially, on the hook for liability as well. Developers, and their attorneys, must read and understand the ToS of any SDK used.

          2. Provide Notice to Consumers.

          It is increasingly difficult to communicate the nature, type, and amount of information gathered about individuals because of the sheer amount of personal data collected, and the ways data is generated, transmitted, and analyzed. Nonetheless, consumers are increasingly demanding clarity and disclosure about what information is being gathered in a way that is understandable by a non-attorney. Companies must communicate with consumers in a clear way that makes information digestible. It can be difficult to manage this process in a way that lends to a smooth user experience, but companies should err on the side of disclosure and ask for permission.

          3. Reputation is an Asset.

          Building on the aforementioned concept of Consumer Notice, companies should focus on building a good reputation with users. More specifically, companies should think about ways to incorporate reputation building into the design of software and product development. Reputation requires ensuring communication, i.e., being transparent in how information is collected (consumer notice), disclosing how information will be used, and, in a worst-case scenario, should personal information be exposed, informing users immediately.

          4. One Regulation To Rule them All.

          If companies only take away one piece of advice, it should be to understand and comply with the Children’s Online Privacy Protection Act (COPPA). COPPA is the one clear regulation that applies to absolutely everything and any violation will be fully enforced, making a company an industry pariah. Also, companies cannot assume children will not have access to their product. Companies should assume children might gain access and should develop their tools accordingly to be 100% certain they are on the right side of the law.

          5. Opportunity.

          Before we let fear govern all, there was a sense of optimism on the panel. The lack of legal clarity may cause uncertainty, but where clear privacy regulations exist, opportunities abound. Health care and the financial industries are the best examples: both have clear sets of privacy regulations in the United States. The clarity these regulations provide, however, enables companies to develop products with certainty. These regulations also create barriers of entry. Finally, the costs of adhering to the regulations mean consumers are more likely to pay money for applications, mobile or otherwise, in these spaces.

          Bonus Point Takeaway: Don’t be Creepy.

          It sounds glib, undefined, and abstract, but the panel returned to this takeaway time and time again. Don’t. Be. Creepy. Many of the challenges that have arisen are because a critical mass of users felt the product was too creepy. Before releasing a software application, companies should always ask: does this creep me out? Although creepiness is subjective, it’s a good rule of thumb: if it creeps you (developer or attorney) out, that’s bad.


          About

          Charles Belle is the Executive Director of the Institute for Innovation Law and the Research Director of the Privacy Project, at UC Hastings College of the Law. A research program at the Institute for Innovation Law, the Privacy Project engages in applied research and community outreach. In addition to his research, Charles focuses on developing implementable tools to ensure privacy and innovation.

          Go to News Archive

          Share this Story

          Share via Facebook
          Share via TwitterShare via EmailPrint Friendly Version

          Other Recent Stories/ RSS

          Wednesday, February 10, 2016

          UC Hastings Distinguished Lecture Series 2016

          Esteemed experts in environmental, international, and procedural law to present Ambassador J. Christopher Stevens, Gordon Mathis Riley, and Mathew O. Tobriner memorial lectures.
          Friday, February 05, 2016

          UC Hastings named to PreLaw’s “Best” Lists for Government, IP, and Tech Law Specialties

          Students benefit from depth and breadth of classroom offerings, experiential opportunities.
          Tuesday, February 02, 2016

          Center for Gender & Refugee Studies Files "Rocket Docket" FOIA Lawsuit

          "This information could be the difference between life and death for many Central American women and children," says CGRS Senior Staff Attorney Christine Lin.
          Monday, February 01, 2016

          UC Hastings Trial Team Crowned National Champions

          3Ls Chelsea Heaney, Mira Karageorge, Justin Page and Hannah Worek earn 1st Place at ABA Section of Labor & Employment Law's 12th Annual Law Student Trial Advocacy Competition
          Friday, January 29, 2016

          Thinkers & Doers: Jan. 29, 2016

          UC Hastings community members in the news and making moves.
          Go to News Archive