Mobile Privacy Roundup: Legal Hacks Suggested

[Phil Weiss]

The following ideas were proposed by members of the community on 9/5/12 on the issue of mobile privacy.  Please reply to this thread with more ideas and a contact person for that idea to get started.  Also let the community know if you're interested in presenting at the next meetup.

 

1.  Docracy is working on standardizing a mobile privacy policy, and they're encouraging knowledgeable participants to branch and hack away at what they've posted.  http://docracy.com/mobileprivacy

 

2.  One Legal Hacker (who I will let come forward if he/she so desires) suggested drafting a standardized collective agreement for all mobile app developers, one that would clearly dictate how litigation and penalties over a privacy/contract claim would play out (e.g., burden-shifting schemes).  The idea is to create some accountability to abide by privacy policies while also maintaining some certainty in a notoriously uncertain area of the law.  I will let that unnamed Legal Hacker correct me if I'm totally off-base.

 

3.  David Pashman expressed an interest in discussing the following idea further:

one thought that i mentioned as i was leaving regarding crowdsourcing PP reviews was to figure out a way to build on the platforms but evolve from crowdsourcing to getting content from those in the best position to provide it - the service provider.  assuming that a site is a "good egg" (like Sarah) then let's get the site to expain their TOS and PP.  so how best to incentivize the service provider to provide that content, and how to remove the barriers for doing that? in terms of removing the barriers, the TOS for thse TOS-reviewing sites should include a narrow waiver/release in favor of the service provider related to the content they provide on the review site

 

 

 

[Jorge]

Regarding no. 2, above you might be referring to the suggestion I made at the tail end of the meetup as follows:

Others have suggested standardizing PPs as a means of driving the creation of norms, making the privacy experience more consumer friendly, and reducing transaction costs associated with new venture formation. Standardization is not cost-free, however. Firms bear coordination costs when they try to come together to set standards. Coordination costs are usually the reason why standards setting efforts fail. 

In order to drive a PP standard settings process, I suggest the following: Industry participants should convene a PP standard settings organization ("SSO") to formulate and promulgate the adoption of a PP standard reflecting best practices. In return for joining the SSO and adopting its PP standard, the a firm will be entitled to raise a "safe harbor" defense in an action brought against it to remedy a violation of statutes and regulations that govern the use, storage, sale, etc., of consumer data. The safe harbor defense, if successfully asserted, would create a rebuttable presumption of no privacy violation that could be overcome only on proof that the actual privacy practices of the firm were not SSO compliant. In addition, where the safe harbor defense applies, the burden of proof that rests with the party alleging a violation would shift to something greater than the burden of proof that normally applies in privacy litigation (e.g., a preponderant evidence burden would shift to a clear and convincing evidence burden).  

The idea here is that the safe harbor defense could incent firms to bear the coordination costs associated with participating in the SSO.  

[Warren]

At the meetup I mentioned Tom Chernaik, and the work he has been doing both with his company Cmp.ly, and down in DC on the privacy front. You can read more about him and Cmp.ly here: http://cmp.ly/