Twenty years ago, when first accessing the internet, as we set up our email addresses, we were so enthusiastic about the technology and a bit less concerned about the information that we were sending to the World Wide Web. We were often caught up with it and just clicked though to the window box that said "information you are sending across the net may be viewed by others." We just enjoyed surfing and sending out emails.
That was then, but during the turn of the century or more appropriately the decade, usage became different and the modalities of using the internet today have significantly changed. People want to be connected on the move. A lot of them are accessing the internet through the use of their handheld devices, and as we continue to the narrow the gap between telecommunications and internet, more and more people are asking whether it is safe to transcend our personal information across the virtual world of the web. And as both industries converge, have a look at the laws that could safeguard and protect the information we transmit. The GSMA has stepped in to start creating the framework to protect all of our data.
Different laws regarding privacy have existed and it usually varies depending on the country. But as GSM Association introduced the Mobile Privacy Principles, it soon changed the landscape of privacy for the converged society. While the initiative is not meant to replace applicable laws and regulations where such exist, it is meant to start a process that seeks to shape the way privacy is advanced, managed and protected across the emerging mobile eco-system. It encourages and involves participants from different industry players including regulators, civil society and consumer representatives. The purpose of the principles is to foster business practices and standards that deliver meaningful transparency, notice, choice and control for users with regards to their personal information and the safeguarding of their privacy.
The objective is to create a framework that identifies in broad terms the privacy standards for mobile users of which can be applied to a wide range of applications and services that they use, i.e. the 'privacy outcomes'. These privacy outcomes should reflect commonly accepted privacy principles set out in international instruments and guidelines on privacy and data protection. The foundational principles below, based on these international instruments and guidelines, describe in high-level terms what these outcomes should be in a mobile context.
The intentions for these privacy principles to be adopted is that it would serve as a framework and would then inform separate standards and codes to be able to address specific privacy issues, just like 'location privacy', transparency, notice and choice mechanisms. These codes or standards should identify proportionate and effective measures to ensure that mobile users' privacy is being protected, either in general or in specific contexts or service scenarios. The intention is that these codes or standards will seek to adopt a 'Privacy by Design' approach, and would ensure these approaches are as consistent and would work across most if not all mobile services and applications, so that both industry stakeholders and users become familiar about how privacy can be managed.
Guiding Principles
The Mobile Privacy Principle is being developed to ensure transparency of data usage as well as to protect the privacy of the end users. Here are the main guiding principles that would serve as the cornerstone in developing it.
Openness and Transparency - Users shall be provided with information about persons collecting personal information about them, the purposes of an application or service, and about the access, collection, sharing and further use of a users' personal information including to whom their personal information may be disclosed, enabling users to make informed decisions about whether to use a mobile application or service.
Purpose and Use - The access, collection, sharing, disclosure and further use of users' data shall be limited to meeting legitimate business purposes, such as providing applications or services as requested by users, or to otherwise meet legal obligations.
User's Choice and Control - It allows the end user to choose what they would want or where they would want to use/send their personal information.
Minimized Data Requirement and Retention - Only the minimum personal information should be required to be able to transact to a legitimate business purpose and to deliver, provision, maintain or develop applications and services to be collected and otherwise accessed and used. Personal information must not be kept for longer than is necessary for those legitimate business purposes or to meet legal obligations and should subsequently be deleted or rendered anonymous.
Respect of User Right - Users should be provided with information about, and an easy means to exercise, their rights over the use of their personal information.
Security
Personal information must be protected, using reasonable safeguards appropriate to the sensitivity of the information.
Education
Users should be provided with information about privacy and security issues and ways to manage and protect their privacy.
Children & Adolescents
An application or service that is directed at children and adolescents should ensure that the collection, access and use of personal information is appropriate in all given circumstances and compatible with national law.
Accountability & Enforcement
All responsible persons are accountable for ensuring these principles are met.
With the Mobile Privacy Principle put into place, it would surely pave the way to a mobile privacy law that would work well with the existing privacy laws of different countries. The best thing about it is that end users' perspectives and views are the focal attention in developing it. World Wide Web Consortium (W3C) being the pioneering group in developing the web, has welcome the moved by GSMA, and they are supporting and will collaborate in ways that will further enhance the development of the privacy guidelines.
Development over the past few decades has been very significant not only because the web has melded with the telecom industry, but also because it was a dream being realized, a dream that true mobility is here and access to the internet with the use of handheld devices is the real model of mobility. Now as it continues to grow and develop, it is good to know that groundwork for securing user experience is being put into place. An excellent part is that the foundation of those security measures is based on the user experience. What would make them comfortable, what would make them trust the web more and what would make them maximize the usage of their mobile device to attend to their normal transactions be it an email, Facebook, bank transactions, etc. All of these examples entail working with sensitive personal information that needs safeguarding.
And this is where mobile privacy guidelines would come in, to ensure and promote transparency thereby creating a more comfortable, secure as well as rich internet experience for the end user.
© Telecom Review 2011
