FTC: Shopping App Disclosures Are Failing13 Aug, 2014 By: Doug McPherson
WASHINGTON – A new Federal Trade Commission (FTC) report says mobile shopping apps are failing to tell consumers about how their personal data will be used.
The FTC says most of the apps it evaluated (121 apps available at Google Play and iTunes) had privacy policies, but that they didn’t adequately explain data-sharing practices.
The FTC found that 29 percent of the price comparison apps, 17 percent of the discount apps and 33 percent of the payment apps didn’t place any limits on their right to share users’ personal data.
“As mobile apps become more central to the shopping experience, it’s important that consumers have meaningful information about how those apps work before they download them,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, says in a news release. “Consumers should not be left in the dark about their potential liability for erroneous or unauthorized charges or about the way shopping apps handle their data.”
The FTC is now recommending that developers give consumers more detailed information about privacy, as well as dispute-resolution procedures, before they download the app.
“In addition to being able to understand their rights and protections in case something goes wrong with a transaction, consumers should also be able to evaluate apps’ data practices before signing up to use a particular service,” the report says. “Companies providing mobile shopping apps should clearly describe how they collect, use, share, and secure consumers’ personal and financial data.”
Apps often collect names, mailing addresses and phone numbers and could be used to commit fraud if they fell into the wrong hands, the report shows. Perhaps more disturbingly, between 11 to 33 percent of those apps also collected Social Security numbers, and 11 to 14 percent of them collected driver’s license numbers, with the in-store payment applications collecting the most data, the report shows.
Digital collections of transaction data have already enabled hackers to steal from millions of customers of stores including Target during the past year, leading to heavy scrutiny from Congress and the cybersecurity community. Sen. Jay Rockefeller (D-WV),chairman of the Senate Commerce, Science and Transportation Committee, also introduced the Data Security and Breach Notification Act in January, which would require the FTC to issue security standards for companies that manage customer information.