UCHastings Instagram

          The McAllister streetscape project concludes with a great day of tree planting! Nearly 100 volunteers gathered to plant 50 trees and two small urban gardens in over 30 locations throughout the #Tenderloin earlier this month.
          Instagram Photo Likes wxhx, ayosh27, its_yayasworld and 19 others like this.
          Monday, September 30, 2013

          5 Rules to Help Developers Balance Privacy with Innovation

          Useful "rules of thumb" for developers and the attorneys who work with them.

          Charles Belle

          Charles Belle

          Executive Director, Institute for Innovation Law and Research Director, Privacy and Technology Project

          My work in privacy focuses on helping developers balance privacy with innovation. Recently, I moderated a panel at the Personal Identity Innovation Conference (PII): Baking Privacy into Your App: What Every Developer Needs to Know. This is a critical issue because developers are the first line of defense for consumers, but face huge challenges given the lack of clear regulations, different industry standards, and device-specific variations (mobile vs. browser vs. hardware). And while the focus of this panel was on developers -not many attorneys in the audience! - a few “rules of thumb” emerged from the panel that are useful for developers and the attorneys that work with them.

          1. Understand 3rd Party Terms of Service.

          Developers use Software Developers Kits (SDKs) built by third parties to add functionality to their software applications. For example, Yelp uses a map to show restaurants provided by Google or Apple (depending on the device). SDK’s are also used to provide analytics on software usage and advertising.

          Accepting the Terms of Service (ToS) of these SDKs, however, can put consumer data at risk. These agreements often hide what data is being collected, how the data will be used, and shift the burden of notice to the unknowing developer. Putting the developer, potentially, on the hook for liability as well. Developers, and their attorneys, must read and understand the ToS of any SDK used.

          2. Provide Notice to Consumers.

          It is increasingly difficult to communicate the nature, type, and amount of information gathered about individuals because of the sheer amount of personal data collected, and the ways data is generated, transmitted, and analyzed. Nonetheless, consumers are increasingly demanding clarity and disclosure about what information is being gathered in a way that is understandable by a non-attorney. Companies must communicate with consumers in a clear way that makes information digestible. It can be difficult to manage this process in a way that lends to a smooth user experience, but companies should err on the side of disclosure and ask for permission.

          3. Reputation is an Asset.

          Building on the aforementioned concept of Consumer Notice, companies should focus on building a good reputation with users. More specifically, companies should think about ways to incorporate reputation building into the design of software and product development. Reputation requires ensuring communication, i.e., being transparent in how information is collected (consumer notice), disclosing how information will be used, and, in a worst-case scenario, should personal information be exposed, informing users immediately.

          4. One Regulation To Rule them All.

          If companies only take away one piece of advice, it should be to understand and comply with the Children’s Online Privacy Protection Act (COPPA). COPPA is the one clear regulation that applies to absolutely everything and any violation will be fully enforced, making a company an industry pariah. Also, companies cannot assume children will not have access to their product. Companies should assume children might gain access and should develop their tools accordingly to be 100% certain they are on the right side of the law.

          5. Opportunity.

          Before we let fear govern all, there was a sense of optimism on the panel. The lack of legal clarity may cause uncertainty, but where clear privacy regulations exist, opportunities abound. Health care and the financial industries are the best examples: both have clear sets of privacy regulations in the United States. The clarity these regulations provide, however, enables companies to develop products with certainty. These regulations also create barriers of entry. Finally, the costs of adhering to the regulations mean consumers are more likely to pay money for applications, mobile or otherwise, in these spaces.

          Bonus Point Takeaway: Don’t be Creepy.

          It sounds glib, undefined, and abstract, but the panel returned to this takeaway time and time again. Don’t. Be. Creepy. Many of the challenges that have arisen are because a critical mass of users felt the product was too creepy. Before releasing a software application, companies should always ask: does this creep me out? Although creepiness is subjective, it’s a good rule of thumb: if it creeps you (developer or attorney) out, that’s bad.


          About

          Charles Belle is the Executive Director of the Institute for Innovation Law and the Research Director of the Privacy Project, at UC Hastings College of the Law. A research program at the Institute for Innovation Law, the Privacy Project engages in applied research and community outreach. In addition to his research, Charles focuses on developing implementable tools to ensure privacy and innovation.

          Go to News Archive

          Share this Story

          Share via Facebook
          Share via TwitterShare via EmailPrint Friendly Version

          Other Recent Stories/ RSS

          Wednesday, July 01, 2015

          Thinkers & Doers: July 1, 2015

          UC Hastings community members in the news and making moves, June 20, 2015 - July 1, 2015.
          Tuesday, June 30, 2015

          Angela Bruno '07 Wins Landmark Case Against TGI Friday’s

          She and her husband formed a personal injury firm for trial cases that is proving successful.
          Tuesday, June 30, 2015

          Alumni Win Big in NBA’s 40 under 40 Awards

          Andrew Houston ’07, Bari Williams ’08, and Kasheica McKinney ’08 selected for the award.
          Wednesday, June 24, 2015

          State Budget Keeps Fees Flat, Funds Long-Range Campus Plan

          Enacted budget provides sufficient funding to allow UC Hastings to maintain student fees unchanged for the 4th consecutive year; Appropriates $36.8 million to construct a new academic building at 333 Golden Gate Ave; Authorizes use of private donations to supplement the state’s appropriation for building enhancements so as to fully leverage the opportunity to create a “top of class” facility commensurate with the college’s stature and prominence.
          Wednesday, June 24, 2015

          Academic Chairs Awarded to Four Faculty Members

          UC Hastings is pleased to announce Professors Field, Keitner, Reiss, and Short have all been appointed to new or existing faculty Chairs.
          Go to News Archive