GSMA has prepared privacy guidelines within their “GSMA Mobile Privacy Initiative“.
What this is about?
See their brochure:
In January 2011, the GSMA published a set of universal Mobile Privacy Principles that describe the way in which mobile consumers’ privacy could be respected and protected when consumers use mobile applications and services that access, use or collect their personal information.
GSMA also published a discussion document in April 2011, outlining a set of Privacy Design Guidelines for Mobile Application Development.
- Openness, Transparency and Notice
- Purpose and Use
- User Choice and Control
- Data Minimisation and Retention
- Respect User Rights
- Security
- Education
- Children and Adolescents
- Accountability and Enforcement
Privacy Design Guidelines for Mobile Application Development
(Shortened list for readability)
- Transparency, choice and control (TCC) guidelines
- TCC1 Do not surreptitiously access or collect personal information.
- TCC2 Identify yourself to users
- TCC3 Let users exercise their rights.
- …
- Data retention and security (DRS) guidelines
- DRS1 Actively manage identifiers.
- DRS2 Keep data secure.
- …
- Education guidelines
- E1 Educate users about the privacy implications …
- Social networking and social media (SNS) guidelines
- SNS1 Prompt users to register for social networks, but be careful about mapping registration information to public profiles.
- SNS2 Ensure default settings are privacy protective and give users control of their
personal profiles… - SNS3 Take measures to protect children from endangering themselves.
- …
- Mobile advertising (MA) guidelines
- MA1 Inform users about advertising features.
- …
- Location guidelines
- L1 Inform the user that location will be used and give them choice.
- L2 Capture appropriate consents to use location data.
- Children and adolescents (CA) guidelines
- CA1 Tailor applications to appropriate age ranges.
- CA2 Set privacy protective default settings.
- …
- Accountability and enforcement guidelines
- AE1 Assign responsibility for ensuring end-user privacy is considered and delivered
throughout the product lifecycle… - AE2 Give users tools to report problems regarding an application.
- AE1 Assign responsibility for ensuring end-user privacy is considered and delivered