FTC to App Developers: More Disclosure Needed

For some time the FTC has been focused on mobile shopping apps and whether businesses have been providing consumers with enough information about those apps. We have previously blogged about the FTC's concerns about mobile payment technologies.

Earlier this month, the FTC continued its efforts in this area and issued a staff report on mobile shopping apps, complete with recommendations for the companies that provide these apps. The gist of the recommendations? Provide consumers with clear and accurate information -- available before they download the apps -- about privacy, security, and who has liability for unlawful or erroneous purchases using the apps.

The report addresses three types of mobile shopping apps: price comparison apps; "deal apps" that locate coupons and discounts; and in-store purchase apps. The FTC staff identified a total of 121 apps in these categories, and evaluated all of the available "pre-download" terms and disclosures for each.

Based on its analysis, the FTC staff offered a number of recommendations:

• The FTC staff found that companies generally disclosed, prior to downloading, that consumer information would be collected, but that those disclosures contained, in the words of the report, "broad and vague" statements about how the data would be used. For instance, disclosures state that data might be used to "enhance" users' shopping experience, or indicate the "primary purpose" for collecting data without clearly stating what secondary purposes might be served by the data collection. The report recommends clarifying how such data will be used.

• Similarly, the report expressed concern that policies often state that data will not be sold or shared "except as described," but then reserve very broad rights to use the data. Moreover, up to one-third of policies reviewed allow companies to share data with no restrictions. The FTC recommends that companies clearly describe how they collect, use, and share consumer data.

• The report found that data security assurances are generally included in pre-download disclosures, but according to the staff such assurances are not always backed by effective security practices, and the report recommends that companies improve in this area. Further guidance from the FTC on this topic is available here.

With respect to in-store purchase apps, the FTC staff concluded that terms concerning liability and dispute resolution are often unclear and sometimes misleading:

• The report finds that nearly half of the in-store purchase apps reviewed did not disclose how the app company would handle an unauthorized, fraudulent, or erroneous transaction. The FTC recommends that companies disclose consumers' rights and liability limits for such transactions.

• As the FTC staff notes in the report, when an app allows the user to pass charges through to an external funding source (e.g., a bank account or credit card), such users are protected by federal liability limits. Nonetheless, according to the report, several companies who offer such apps disclaim all liability in their pre-download information which may lead users to believe that they must pay for unauthorized charges of any amount. The report therefore recommends that companies provide users with clear information about statutory liability limits.

• The report concludes that consumers may not realize that apps using a "stored value" model, in which users move money into an account associated with the app, have no statutory liability protection. The report recommends that companies tell consumers up front how the payment service works and what they can do if they encounter a problem.

The recurrent theme of the report was that the FTC staff wants companies to provide information that enables consumers to make informed, up-front decisions about the apps they download and use. To that end, the FTC recommends -- not for the first time -- that companies providing mobile shopping apps describe clearly how they collect, use, share, and secure consumers' personal and financial data, and also that mobile payment companies should provide clear information regarding dispute resolution and liability limits.

© Arnold & Porter Kaye Scholer LLP 2014 All Rights Reserved. This blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.