Rebecca J. Richards, Truste

Implementing Privacy in the Wireless World


The convergence of wireless technology and mobile computing is creating a new network for consumers to participate in Internet commerce. Just as the emergence of networked databases in the Internet economy have placed greater emphasis on consumer privacy protection, so too will the burgeoning Wireless Internet lead to important privacy considerations.

With more than 137 million U.S. wireless subscribers (9/02), getting privacy practices right will have a big impact. In a recent study by the Yankee Group, 52% of consumers were greatly/somewhat worried about wireless service providers having their detailed information. In an earlier study by Forrester 43% of consumers believed that 43% believe that location-based ads or offers threaten privacy and 71% indicate that they were not likely to agree to receive location-based ads or offers on their cell phone

Thus it is important to understand and address the issues surrounding protection of personal information that will shape this new medium before consumers' concerns stop them from using new products and services.

TRUSTe has launched a consumer-centric, cross-industry program to create standards and implementation guidelines that balance industry and consumer needs for Wireless Privacy. TRUSTe is bringing together wireless carriers, content providers and other industry leaders that are engaged in the creation, use, management, sharing and disposal of customer information resulting from wireless activity.

While data protection is not new to mobile commerce, there are privacy-related issues that are unique to the wireless world. TRUSTe has identified several issues that the Wireless Program Committee is reviewing to determine how to provide individuals with control over their personal information and providing them with choice in the protection of personally identifiable information in the wireless world.

TRUSTe has mapped many different consumer scenarios for data collection and uses of information in the wireless world. In most instances it is clear how the Fair Information Practices should be applied so that the consumer is fully informed, and the businesses providing the services are following industry best practices. What is unclear is how you properly implement those practices given the differences in the medium. It is here that the use and application of P3P may become key to such implementations.

Unique Wireless Privacy Issues:

Privacy Statements -- Small screen sizes on mobile devices coupled with relatively slow transmission speeds impact a user's ability to read and understand effectively a privacy statement. Lengthy, multi-page disclosures will lose their effectiveness in providing privacy protection. As more consumers embrace the wireless Internet - and more companies embrace it as a means to communicate to their customers - industry must consider alternative and complementary methods to communicate privacy policies to consumers.

Location Based Information - This is a new set of information that is being collected that many consumers find to be sensitive and the appropriate collection, use, and retention of this information has not been fully developed.

P3P as one possible solution

P3P may be able to alleviate some of the implementation issues around the small screens and lengthy privacy statements. We have found that many of the elements in a privacy statement for wireless provider will be similar to those for a online provider and so the portability to P3P should in many cases be possible.

The one area that may not be fully addressed in the Spec is the Location Based Information. W3C and the Spec group may want to consider this, as it considers the future of P3P.