Recently, my employer announced that Android app developers’ pages come with a place to link to their privacy policy. This is such an obviously, painfully good idea; I can’t pass up the opportunity for a short lecture on Why You Should Care and What You Should Do.

Like it says in the sidebar, I’m not speaking for Google, but I can report that Google is full of people who think about privacy and worry about it and talk about it all the time. I think mobile app developers should think and worry and talk just the same.

Things I believe about privacy:

It Matters to You · There may be a few apps out there that raise exactly zero privacy concerns, but yours probably isn’t one of them. If you do analytics or track renewal rates or back up data or, well, do almost anything useful that involves the Internet, information about people out there and how they use your app is going to build up online. Then you have a privacy issue.

You Gotta Publish a Policy · Having a policy proves that you’ve thought about it and you care. That’s enough reason right there.

Even if yours is one of the few apps with no privacy implications, you should still point that privacy-policy link at a statement saying so; there are enough (sensibly) paranoid people out there that it’s probably a decent marketing tool.

Run the Policy Past PR and Legal · If you’re a startup you may not have “PR”, so get your CEO to sign off. As for legal, I am not a lawyer and you probably aren’t either. Would you push a release of your flagship software product without engineering/QA sign-off? Seriously, this is what lawyers are for.

There Are Privacy Paranoids · People vary wildly in their feelings about privacy and online data. It’s about emotion not just logic, and that’s fine.

First, there’s a big group of people who don’t care and just ignore the issue.

Then there’s another group who take an interest, but are OK with you collecting data as long as they think they’re getting something for it.

Finally, there are people, more than you might think, who have a super-high level of concern and basically don’t want anything knowing anything about them, whatever the benefits might be. You might disagree with these people but that doesn’t matter. They have every right to feel that way and choose those trade-offs, and if you cross them they get very loud very quickly. It may be the case that your product just isn’t going to work for them, and that’s a reality you have to live with.

Tell the Truth · People on the business side often underestimate the sharpness of peoples’ bullshit detectors. If you are genuinely tracking information purely to improve user experience (e.g. via Google Analytics for Android, which by the way is a terrific tool) say so, without any arm-waving.

If you’re tracking data so you can sell better ads and make more money, don’t try to hide it, just say so. If your service is free, that’s probably a perfectly OK trade-off.

I can remember once long ago, in a gas station bathroom, signs on the doors explaining that they were bringing in a charge to use the bathroom, “to improve customer service”. That was an irritating thing to do, but bullshitting about it made it way, way worse.

Summing Up · You can’t ignore the problem. You have to publish something. You have to be transparent. That’s all. I’m not going to say it’s easy, because it’s not; but it’s important.

By the way, here’s mine: Retention and Privacy (for the LifeSaver 2 app).


Comment feed for ongoing:Comments feed

From: William V. (Apr 09 2012, at 09:40)

What's the penalty for publishing an inaccurate privacy policy? Who enforces it?

Maybe I'm cynical, but until these policies are legally binding (and somehow audited) then the only real point of privacy enforcement is access to the data in the first place.


From: andrej (Apr 10 2012, at 08:10)

Adding to what William said, just about all companies reserve the right to change their privacy policies at any time with no notice, and they're all moot when a company is acquired or goes under.

In principle, they should be important, but until they're legally binding with real consequences for breaches, privacy policies are just security blankets.


author · Dad · software · colophon · rights
picture of the day
April 08, 2012
· Technology (77 fragments)
· · Internet (103 more)

By .

I am an employee
of, but
the opinions expressed here
are my own, and no other party
necessarily agrees with them.

A full disclosure of my
professional interests is
on the author page.