With the ever-increasing use of mobile apps designed to do everything from shopping, to online banking, to managing medical conditions, the Federal Trade Commission (FTC) recently issued guidance for the marketing of mobile apps. The guidance is intended to help companies entering the mobile app business to comply with the agency’s truth-in-advertising standard and basic privacy principles. This guidance applies to companies developing mobile medical apps to run on smart phones, tablet computers, and similar mobile hardware technology. Accordingly, in addition to assessing the potential FDA regulatory status of mobile medical apps per FDA’s July 19, 2011, draft Mobile Medical Applications guidance, and associated FDA labeling requirements, companies should also familiarize themselves with the FTC’s user-friendly guidance. Importantly, just because your app may not be a mobile medical app that FDA intends to actively regulate at this time, the FTC rules will still apply to the advertising of that app. These rules include:
- Do not make false or misleading claims, or omit important information;
- Support objective claims with competent and reliable scientific evidence;
- Disclose key information clearly and conspicuously.
Fortunately for medical device manufacturers, the labeling and promotional requirements imposed by the FDA and FTC as they relate to medical devices are largely complementary. For example, the FTC requires manufacturers of mobile apps to support claims of health-related benefits with “competent and reliable scientific evidence.” FDA requires similar substantiation of medical device claims.
While from a marketing perspective the new FTC guidance may not throw any real curve balls at the medical device industry, the guidance also discusses privacy issues that arise from the use of mobile apps. Privacy issues are particularly acute for mobile medical apps, which may collect, store and transmit sensitive medical information. The guidance recommends that, prior to collecting medical information, mobile apps should obtain affirmative consent from the user to collect that data. In addition, app developers should be aware that apps that collect personal information from or about children under age 13 may be subject to additional requirements under the Children’s Online Privacy Protection Act (COPPA) and FTC’s COPPA Rule. In general, the guidance advises that privacy practices should be transparent to mobile app users, who should be made aware of what information the app collects and what the app does with that information. The key privacy guidelines FTC has identified include:
- Be transparent about data practices;
- Obtain user consent for any collection or sharing of information that is not apparent;
- Obtain user consent prior to collecting sensitive information, such as medical, financial, or precise geolocation information;
- Offer privacy choices that are easy to find and use;
- Honor privacy promises;
- Protect the privacy of children;
- Keep user data secure by:
  - Collecting only the information needed;
  - Taking precautions against well-known security risks to secure the data that is retained;
  - Limiting access to a need-to-know basis; and
  - Safely disposing of unneeded data.