Multistakeholder Meetings to Develop Consumer Data Privacy Code of Conduct Concerning Mobile Application Transparency (Jan 31 2013) (updated w/agenda)

Multistakeholder Meetings to Develop Consumer Data Privacy Code of Conduct Concerning Mobile Application Transparency

National Telecommunications and Information Administration
Department of Commerce
January 31, 2013
http://www.gpo.gov/fdsys/pkg/FR-2012-12-20/pdf/2012-30684.pdf

Agenda

1:00 p.m. Welcome

1:10 p.m. Facilitated Discussion – Issues Tabled or Raised at the January 17, 2012 meeting concerning the Application Developers Alliance, et al. Discussion Draft (1/15/13 Discussion Draft; Redline Version of 1/15/13 Discussion Draft):

• In Section II(A), should the term “Files Stored on the Device (Including, e.g., calendar, pictures, text files and video)” be revised? (5 minutes)
• In Section II(A), should the term “Financial Information (Includes credit, bank and other customer-specific financial information including purchase history other than information collected for a purchase either within or through the app)” be revised? (5 minutes)
• In Section II(A), should the term “Health, Medical or Therapy Information (Including health and disease management, diagnoses, insurance company information such as past and present claims, and information collected by the app that measures your health or wellness)” be revised? (5 minutes)
• Should Section II(A) include “Age of User?” If so, should the term “Age of User (Your age and/or date of birth)” be revised? (5 minutes)
• Should Section II(A) require the disclosure of data collected through direct user submissions? (10 minutes)
• Should Section II(A) require the disclosure of data collection that is necessary for the app to function? (10 minutes)
• In Section II(B), should entity types be disclosed to consumers, or should the degree of third party sharing be disclosed instead? E.g. “no third party sharing,” “sharing directly with third parties but no further disclosure,” or “sharing directly with third parties plus further disclosure by those third parties to others.” (10 minutes)
• In Section II(B), should the list of entity types be revised to reduce overlap between entities, e.g. “affiliated businesses” and “content publishers?” (10 minutes)
• In Section II(B), should short form notices include disclosure of third-party data sharing with “affiliated businesses?” If so, should the term “affiliated businesses” be revised and/or more precisely defined? (10 minutes)
• In Section II(B), should short form notices include disclosure that an app shares data with “data brokers?” If so, should the term “data brokers” be revised and/or more precisely defined? (10 minutes)

2:30 p.m. Break

2:50 p.m. Facilitated Discussion – Issues Tabled or Raised at the January 17, 2012 meeting concerning the Application Developers Alliance, et al. Discussion Draft (continued):
• Should the term “share” be more precisely defined? (5 minutes)
• Should language referencing “responsive design” be included in Section III? (5 minutes)
• How should long form notices be treated in the code? Is the current language in Section IV sufficient? (10 minutes)
• Is the language in Section I best treated as part of a code of conduct or as a separate “principles document?” (10 minutes)

3:25 p.m. Review of Issues Resolved by Consensus at the January 17, 2012 meeting:
• “Shall” and “must” defined as mandatory. “Should” defined as recommended.
• “Other developers or networks” removed from Section II(B) (short form notice).
• Section IV revised to include “These links should include explanations of how consumers may request deletion of their data collected by the app, if such deletion is available.”
• “Stored images (such as files or images)” removed from Section II(A) (short form notice).
• “Already” removed from the bullet “Files Already Stored on the Device (Including, e.g., calendar, pictures, text files and video)” in Section II(A) (short form notice).
• General approach supported for treatment of the terms “financial information” and “health, medical, or therapy information.”

3:35 p.m. Usability Testing Options
• Mark Blafkin (Executive Director, Innovators Network) (15 minutes)
• Facilitated Discussion (30 minutes)

4:20 p.m. Procedural Issues (next steps, proposed agenda items for February 21, 2013 meeting)

4:50 p.m. Farewell