Cover Your Privates: What App Designers Need to Know About New Mobile Privacy Laws


If you don’t believe Edward Snowden’s actions have cast a shadow over the practice of design, you’re mistaken. For designers and programmers developing apps and other mobile media, the privacy issues he’s raised should be a top concern, particularly when it comes to how we gather user information.

Data is in demand, especially your data; the high value put on collecting it is what drives the industry. And lawmakers and regulators are taking notice. App developers who fail to disclose material information or misstate how data is used or collected risk government investigation, enforcement actions by the Federal Trade Commission (FTC) or even private lawsuits.

The FTC and the Attorney General of California recently published some “best practice” guidelines, and other state lawmakers and federal agencies are sure to follow. Entrepreneurs and designers who ignore these requirements risk hefty fines as well as losing the goodwill of their client’s user base.

If you’re just starting to develop your design, here are four basic steps to consider:

1. Create a decision-making path for building privacy into the app you’re designing.

Consider the kind of data you’ll need to gather, keeping in mind that you should only collect the most basic information necessary for the app to function as designed. Will you need to ask for non-essential or sensitive data, like names, geo-location, financial or medical information, passwords, contacts, photos, videos or information about the user’s family, including children? If so, decide on and document your policies and the data use, sharing, retention and security practices.

2. Give the user control over his/her privacy.

Provide a “special notice” and a short privacy statement and provide the user with privacy controls, i.e. the ability to control the types of data collected. Under the suggested guidelines, you should offer a general privacy policy that includes a comprehensive overview of your data collection practices and that also states how it complies with any applicable laws. For example, in California, the Online Privacy Protection Act requires operators of commercial websites or online services that collect “personally identifiable information” of California residents to post privacy policies on their websites and apps. (You can read the California Attorney General’s recommendations, and the terms of the California statute regarding privacy.)

3. Make the privacy notice easy to find.

The generally short attention spans of mobile users and the limited interface size of mobile devices indicate that privacy notices are likely to be sidelined. Regulators and lawmakers are especially concerned with the “Where’s Waldo” aspect of locating privacy controls and are now scrutinizing the design of privacy notification icons. Remember, clarity is king.

4. Treat children differently.

If there’s any chance that information concerning minors will be collected, you’d better brush up on the Children’s Online Privacy Protection Act (COPPA). The FTC recently issued this warning and the Association for Competitive Technology (ACT), an app industry group, also released a suggested set of age-aware privacy app icons for use by minors. While not mandatory, the suggested icons identify the goals well-designed icons should communicate.


How are designers responding to these changes? Two different dashboard approaches have emerged and, unsurprisingly, they tend to be associated with the most successful mobile operating systems, iOS and Android.

Apple has placed a privacy settings tab that contains entries corresponding to important types of data such as geolocation, contacts, calendar and photos.


In contrast, the Android dashboard is a little more convoluted, but it still provides the essential tools.


Icons are key here for helping users navigate their privacy settings. Standards for their use are only just emerging and are likely to evolve over the next few years (though for now they’re noticeably similar to nutrition labels). For designers, the lack of a uniform set of icon standards is one of the biggest challenges. Still, graphic standards within specific types of apps and across different operating systems do exist. And until we have a master list to work from, remember that clarity and giving notice to the user that their data is being accessed are just as important as (if not more important than) aesthetics.

About the Author:

Frank Martinez, a former designer and Design Patent Examiner, founded The Martinez Group PLLC in 2008. Frank earned a BFA in Fine Art from Pratt Institute in New York. He served as Production Director for Landor Associates in New York prior to attending law school. Frank, after having been a Design Patent Examiner at the U.S. Patent and Trademark Office, has worked closely with design professionals for many years in both design and legal capacities. Frank Martinez, by reason of his experiences, understands firsthand the business and intellectual property issues faced by designers. Frank is also an Adjunct Professor at The School of Visual Art, in the Designer as Entrepreneur MFA Design Program, where he teaches Intellectual Property and the Law.