Putting Users First: How Can Privacy be Protected in Today’s Complex Mobile Ecosystem? GSM Association

29 September 2011 - A Workshop on Security in Nairobi, Kenya


•Moderator introduces key issues and panellists
•Panel discussion
•Q&A session (including remote participation)
Traditional approaches to ‘online privacy’ are often based on ‘compliance’ with a patchwork of local laws (where they exist). However, as new mobile services, applications and data flows become increasingly global, geo-graphically-bound laws appear unable to keep pace. Self-regulation has an important role to play in ensuring that mobile users’ privacy is treated consistently irrespective of the location of companies, the technologies and business models involved. A key challenge for industry is (a) to identify mobile-friendly ways of helping users make informed decisions about their information and privacy; and (b) to ensure user privacy is respected and protected by those designing and building the services and applications of tomorrow.
The aim of this proposed workshop is to foster a constructive conversation around three key issues:
1.Are privacy challenges on the mobile platform different to the fixed-pc environment? [Particularly in the context of:
a.Location privacy
b.Behavioural Advertising
c.Applications and related services]
2.To what extent is mobile users’ privacy protected across technological and legal boundaries?
3.What are different stakeholders doing, what can they do and what should they be doing to address these challenges?



A brief substantive summary and the main events that were raised:
The workshop was well attended (at full capacity) and both the panel discussion as well as the subsequent Q&A session touched upon a number of important issues and challenges in relation to protecting and respecting mobile users' privacy in today's global and complex mobile ecosystem.

Panellists and attendees agreed there is a need to help users make informed choices and control how their personal information and privacy is treated by companies they have an account with (and their third party affiliates)

Panellists welcomed GSMA's mobile privacy initiative which is aimed at bringing the industry together with a view to designing guidelines for mobile application developers so as to ensure user privacy is respected and protected

Other points covered included:

• How privacy challenges on the mobile platform differ to the fixed-pc environment

• The implications to mobile users' privacy of using services established in different countries with different technological and legal boundaries

• Examples were given where companies are competing with each other on how they allow their customers to control their privacy settings.

Conclusions and further comments:
The GSMA welcomed the opportunity to host this workshop at the
IGF and looks forward to attending and hosting future workshops at subsequent Internet Governance Fora.

The mobile and web industries are in a process of unprecedented convergence.

We are seeing the continuing innovation and rapid emergence of new social media and applications, many of which are being used across a multiplicity of networks and always-on Internet-enabled devices.

These developments bring enormous economic and social value to individuals and to society as a whole.
They also increasingly enable individual users to shape and present rich and personal identities online while bringing virtual communities of their choice literally in to the palm of their hands.

However, in a rapidly evolving and globally connected information society, this presents a continuing challenge as online and mobile service providers seek to comprehend and comply with myriad national legal requirements, while at the same time seeking to meet users’ privacy expectations. These expectations increasingly transcend geographically bound legal frameworks as users seek consistent treatment of their privacy.
Industry should continue seeking self-regulatory solutions to these challenges ensuring that mobile users' pricacy is respected and protected irrespective of technological, legal and geographic boundaries.