Microsoft have announced that Windows Phone is being investigated by regulators regarding what kind of oversight is in place to make sure mobile applications don’t encroach on user privacy rights.
Regulators have made some inquiries at Microsoft about the role the company plays in monitoring privacy policies of apps on Windows Phones, said Mary Newcomer Williams, the Microsoft attorney. “Suddenly, they’re realising this is something they should be concerned about but they’re not sure how to tackle it,” she said. “Regulators are interested in looking to platform providers to play an enforcement role in this space.” That’s because there are so many mobile applications that it would be a major undertaking for regulators to oversee all of them.
But Microsoft doesn’t particularly want to play that role, she said. “On the platform provider side, we aren’t really equipped to do that kind of enforcement either,” she said. “We enable the download of a file to the phone. We don’t know where it connects to and what data might come off the phone. So the idea that we might enforce a privacy policy that gets the right kind of consent, it’s hard to imagine how you can do it.”
Third party
She suggests that the best solution might be for a third-party organisation to educate application developers on proper privacy practices and possibly run a certification programme to demonstrate that apps comply with set requirements.
Williams spoke on November 14 in Seattle at a conference put on by Law Seminars International about legal issues in mobile broadband.
Most operating system developers have privacy policies but accountability isn’t clear, said Chetan Sharma, principal at Chetan Sharma Consulting. If an application does encroach on a user’s privacy, it’s not clear who is to blame.
Part of the problem is that clear regulations don’t exist about what kinds of privacy rights mobile users have. That’s an indication of how new the market is, Sharma noted. Until a few years ago, there wasn’t a vibrant mobile application market, and laws that regulate that market don’t exist yet.
Some operating system providers like Microsoft and Apple set privacy requirements for applications and approve applications before they can enter their respective app stores. Google, however, has a much more hands-off approach where it has defined some policies but it doesn’t serve as a gatekeeper. Developers can upload any application to the Android Market, but Google will remove applications that are found to run afoul of the policies.
Regional variations
Another new legal issue faced by Microsoft and other mobile software developers is complying with the many different regulatory regimes around the globe that apply to cloud-based services that users access from their smartphones.
Just a few years ago, Microsoft would sell its mobile operating system to an OEM and say “ship where you want and compliance is your problem,” Williams said. Now, however, the operating system includes hooks back to services that Microsoft is delivering to the end users like search. That means Microsoft must be sure to comply with local regulations.
When Windows Phone first launched, it became available in 35 countries and Microsoft didn’t necessarily want to build to the lowest common denominator, she said. With the newest version of the software, the company plans to expand into many more countries, she said. To address this issue, Microsoft worked to “build in switches” in the most sensitive services so that they can be easily turned off based on regulations in specific geographic regions, she said.
View full post on National Cyber Security » Computer Hacking
