By Angelique Carson, CIPP/US

At the Federal Trade Commission one-day public workshop May 30, experts discussed online and mobile disclosures. The FTC is looking to update its last guidance on mobile privacy disclosures, released in 2000.

Moderated by FTC staff, panelists discussed such topics as how, when and where to make advertising disclosures to consumers, especially given the small screen sizes of mobile devices.  

A researcher on human computer interaction at University of California Berkeley, Jennifer King, opened a session on universal and cross-platform advertising disclosures by explaining the concept of user-centered design with a digital presentation based on a users' perceptions, expectations and needs. Because people are goal-oriented, King explained, when performing a task, they narrow their focus to only what's necessary to reach that goal. Such "selective attention" is important to keep in mind when considering advertising disclosures, King said.  

Additionally, users have been trained to scan a webpage for the most relevant information by reading it in an "F" shape pattern, King said, and so need a visual hierarchy to decipher meaning. Websites' disclosure models--generally lacking such hierarchies--aren't doing a sufficient job, she added, and stakeholders must realize that simply applying that model to smaller-screened mobile devices won't be effective. A more successful model may be that which was recently developed by Carnegie Mellon University doctoral candidate Patrick Kelley and colleagues. Kelley's disclosure resembles a nutrition label, effective for both its readability and "the distillation of the text into key points," King said.

During a panel discussion on cross-platform advertising disclosures, panelists largely agreed that putting disclosures behind hyperlinks is an acceptable disclosure method but agreed that material disclosures should be displayed more prominently.  

In a session on mobile advertising disclosures, the Interactive Advertising Bureau's Anna Bager noted the inherent struggles associated with small screens, not only because of the size but also because the user is often in a different mindset than when operating on a desktop or larger platform.  

"Consumer expectations are different on mobile phones," agreed Michelle De Mooy from Consumer Action. "It's a very personal product. Users are pretty unaware of the ecosystem that surrounds them, the marketing ecosystem. They tend to think of their phones as something that is not a website."

Though some panelists advocated against having a "check-the-box" disclosure method, De Mooy said no matter how advanced technology becomes, "it's still going to be pretty easy to check a box" and lauded its utility from a design standpoint.  

Jim Halpert, general counsel to the Internet Commerce Coalition, noted the importance of providing "proximite notice" when it comes to recurring or negative-action contracts. Notice should be placed "close to the point where the user is going to click to accept the arrangement of the disclosure, because that's a material term and there's potential class-action liability under state laws for failing to comply," Halpert said.  

Texas Assistant Attorney General Paul Singer said that from a regulator's standpoint, proximity is "still a very key concept to making sure consumers see and understand disclosures."

Noting its practicality for every device--regardless of size--the IAB's Bager said responsive design "solves a problem across many platforms."  

Panelists seemed to agree with De Mooy's comment that businesses today would be wise "to start with mobile and then head to the web. It makes more sense to design that way."  

In a session on mobile privacy disclosures, Create with Context, Inc. CEO Ilana Westerman presented research indicating consumers don't quite understand the extent to which companies are using their data and do care about transparency and having options on how their data is used. The research also found consumers don't want to be interrupted with disclosures and only want the disclosure at a point that they care, such as before they hit "buy," for example.  

As one solution, Westerman recommended the development of a trust icon for disclosures, a pull-down screen indicating to users that personal data is being sent and allowing them to click for more information.  

Jim Brock of PrivacyChoice said it's important to speak in a language that users can actually understand and warned that a privacy icon could be problematic because of the numerous iterations of privacy policies from company to company.  

"It's going to be hard to have icons that are not, in many cases, cryptic to the user," he said.  

The World Privacy Forum's Pam Dixon said she recommends companies use every medium available to reach consumers when it comes to disclosures, including e-mail, Facebook and Twitter. She said it's important to have robust disclosures and be creative with that robustness.  

"When you're researching something, after a notice is read the first time, it's toast," Dixon said, adding she recommends monthly disclosure reminders if necessary.  

Kevin Trilli of TRUSTe said the company is creating a short-notice privacy policy for mobile devices and apps.  

"How do you get a consumer to read a policy in three seconds?" he said, adding "consumers don't have time to decide more than three things."  

Westerman closed the panel by noting her research indicates there's more to be done when it comes to mobile disclosures.

"But that's because we're just getting started," she said.  

The FTC is expected to release a report on mobile and online privacy disclosures in the fall, and is accepting comments from the public through July 11.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum is sold out! But you can still add your name to the wait list, and we'll keep in touch about your status. Good luck!

Asia Privacy Forum 2017

Call for Speakers open! Join the Forum in Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region.

Privacy. Security. Risk. 2017

Call for Speakers open! This year, we're bringing P.S.R. to San Diego. Submit today and be a part of something big! Submission deadline: February 26.

Europe Data Protection Congress 2017

Call for Speakers open! The Congress is your source for European policy debate, multi-level strategic thinking and thought-provoking discussion. Submit a proposal by March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»