The Importance Of A Layered Privacy Policy On All Mobile Internet Sites And Mobile Marketing Campaigns

Posted on July 20, 2011



In the rapidly evolving world of internet and mobile technology, there is an ever present need to offer consumers increased protection and privacy.  Companies can best offer their customers reassurance by providing them with easy access to answers about how and when personal information will be used by disclosure of privacy practices. This is especially true with mobile internet sites and SMS text marketing because the medium doesn’t lend itself to lengthy, complex information.  The idea of layered notices provides the consumer with information about a company’s privacy policies in easy to read, understandable language, while still providing a more complex version of the same. The major issue confronting the United States is the lack of real standards or specifications as to how privacy notices should be issued and what specific content should be included. This article investigates these issues and possible solutions.


Definition and Purpose of Layered Notices

Most privacy policies are too complex and contain language that is confusing and full of droning legalese. Research from TRUSTe and TNS shows that only 20% of consumers read privacy policies most of the time (75% or more).  A solution to the long and overly complex privacy notice is the Multi-layered notice.  Multi-layered notices can build both trust and confidence in the consumer by providing a simpler approach to privacy notices. Proponents of standardized privacy notices argue that they are key to fostering a sense of trust in online business, as well as making citizens fully aware of their online rights.

Most experts agree that effective transparency (producing the desired result of being readily understood and free from pretense or deceit) is the key to good privacy. In order to have effective transparency, privacy notices must be easy to understand, allow comparisons and afford action ability. Privacy notices must also be designed for differing requirements from country to country and jurisdiction to jurisdiction. In order to facilitate the ability to understand a privacy notice, the language must be plainly written, short and easy to read. Complete notices, by nature, are more complex and harder to understand. Both the plain notice and the complex notice are needed to allow good privacy and meet the needs of regional requirements. This is why there is a need for multi layered notices to be done on each Internet site.


The recommendations in the European Union (EU) Article 29 Working Party from December 2004 are a solid and practical way to do privacy notices. These recommendations have gained wide acceptance within and outside the EU. This structure is as follows-


The Layers of Layered Notice.

‡ Layer 1 – The short notice: the very minimum, for example, when space is very limited, providing only the identity of the data controller, contact details, and the purposes of processing.

‡ Layer 2 – The condensed notice: covering the basics in less than a page, ideally using subheadings, and covering Scope; Personal information collected; Uses and sharing; Choices (including any access options); Important information; How to contact us.

‡ Layer 3 – The full notice.


The US has guidelines but there are no formal standards for multi-layered notices and consensus on a solution has been harder to establish.


Mobile Internet Sites

Nearly 61% of the global population has a mobile phone, 84% in the United States.  The mobile device is becoming the primary communication tool for people, one that encompasses all consumer profiling (demographics) factors, e.g. age, gender, ethnicity, education, income, etc.  Over 41 million consumers in the US have access to the Mobile Internet and use it on a regular basis (at least once per month).  And as we head deeper into the millennium, there will become an even larger demographic that is walking around conducting most if not all of their business via their phones instead of their computers. Given the size and rapid growth of mobile it is becoming an imperative for companies to develop an optimized Mobile Internet site to gain access to this wealth of consumer information and resources.


As the Mobile Internet grows and companies establish their mobile presence there is the need to establish guidelines and best practices for mobile marketing and mobile internet.  To attend to this need the Federal Trade Commission held a two-day town meeting, “Beyond Voice: Mapping the Mobile Marketplace,” in Washington, D.C. in May 2008.  Privacy notices were one of the primary topics discussed as well as ways to ensure rules are adhered to the same manner as the desktop internet marketing and internet world.  Within each Mobile Site (A Mobile Site is a website which is specifically designed for optimum performance when viewed not on a regular computer screen but on a small mobile device such as a cell phone, a PDA etc) that is created by companies there needs to be a notices section that is a layer of the privacy policies and user policies that are found on the main Desktop Internet site.  This layered notices section should be optimized versions of the main privacy/user policies enabling the end user to understand that the site follows the same guidelines.  Users want to be ensured they are in a safe environment within the mobile internet as well as the desktop Internet.


(show site PC site and a mobile site Graphics)




Recommendations for Privacy in Mobile

Ensuring that the notices are layered gives the users a quick overview of the safety of the site, i.e., if you look at you’ll see at the end of each page the following layered notice: notice – we will not sell or rent your information… for more details visit on your desktop computer, which ensures the user that if they indeed enter their email address to stay updated via their mobile, this email address is safe within the hands of  and will not be sold.


Example Graphics


The minimum mobile privacy policy should be at least the Layer 1 information (The short notice: the very minimum, for example, when space is very limited, providing only the identity of the data controller, contact details, and the purposes of processing) and directions to go to the PC/MAC site for full notices.  Each company that decides to develop a mobile internet presence must determine if they need to include a full set of all privacy notices, both the plain and complex that might be necessary due to the nature of their business. For instance, with a mobile banking site, there are quite a few more feel good notices that should be included in order for a mobile user to feel comfortable within the mobile walls of that site  American Express does a great job with the following link on their mobile version: All use of this site subject to Mobile Site Terms.  Within this link there are the following links for a more thorough review if you are in need of using this mobile banking system while on the go.


Terms of Use/Disclosures

Mobile Site Terms

Web Site Rules and Regulations

Privacy Statement



Each link includes important terms, rules, regulations, and privacy statements to ensure the end user is safe and can go ahead and use their device to transact business on this mobile site.  An example of an inadequate policy would be the Netflix mobile privacy policy.  Their site simply contains the words: Netflix Terms of Use apply. Without a link to at least a top line review of a few important terms of use and a direction back to the main PC/MAC site for further information.  With this as simply the only privacy notice available, the user may balk at continuing on the mobile device and wait until they return home to review the mobile terms of use, in case they may be different. The company could lose a large percentage of users that may have been picked up quickly on the mobile, forgetting when they return home to go back to the site and ensure the safety of the mobile device.   


Another example in the case of there is no privacy policy at all.  Even though this site is information only and not functional, if you go to on the desktop Internet you will see that they see importance of a privacy policy on the main desktop site  i.e., Terms of Use Privacy Policy/Your California Privacy Rights.  This lends to the argument that if this is needed on the desktop Internet version, why not on the mobile version?



SMS text message marketing campaigns

SMS is becoming THE marketing tool of the near term future in the mobile world. According to the DMA (Direct Marketing Association) there will be an expected 3 Billion SMS ads send by 2011 vs. the 41 Million ads sent in 2007.  SMS marketing messages are also far more likely to be viewed (70%) than email marketing messages (30%).  Because of the largely unregulated proliferation of mobile marketing, in December of 2008 (revised January 2009) the MMA (Mobile Marketing Association) issued Consumer Best Practices Guidelines for cross carrier mobile content programs. The guidelines were issued to help ensure that mobile marketing providers made consumers are aware of their rights and privacy with regard to mobile marketing.  For example most consumers don’t actually realize the method of opt out for the text campaigns. This should, at the very least, be added to the end of each SMS text campaign to ensure users know how to opt out of receiving text messages (MMA Consumer Best Practices, section 8.0). 


With this knowledge the user will feel safer in receiving these marketing messages in their coveted text window as they will understand that they can opt out at any time.  Because of this knowledge the consumer is more apt to allow these ads and also to shop from these ads without issue.  If these ads are forced by the marketer onto the consumer, without a means to opt out there will be an annoyance factor that could ruin the credibility and trust of the companies that use these marketing tools. does this well with a note on the website as well as the mobile site Text Stop to 65246 to opt-out at any time.


Example Graphics


The Bottom Line


At the end of the day, gaining and keeping a customer’s trust is key to successful mobile marketing.  According to a behavior targeting study conducted by TRUSTe published in March 2009, more than half of consumers are concerned about their safety and privacy on both the mobile and online.  Most people, about 80%, don’t read long notices due to time or understanding. Because of this lack of readership and failure to disclose can result in heavy fines and penalties, it is important that companies doing business in a mobile world find simpler ways to inform consumers as to how and when private information is collected and used and ensure that they can find the privacy information. That is why the multilayered approach is so critical to effective transparency.


Using a multilayered approach gives people choices: The choice to read both a plain and complex version and the choice to compare notices from one site to another. Consumers really want to understand three things.


  1. Notice – the marketers’ identity or products and services offered and the key terms and conditions that govern an interaction between the marketer and the their mobile device
  2. Choice and Consent – their right to control which mobile messages they receive by obtaining opt-in consent and implementing a simple termination, or opt-out, process
  3. Security – the implementation of reasonable technical, administrative and physical procedures to protect their information from unauthorized use, alteration, disclosure, distribution, or access.


Answer these questions and you will build up the confidence of your customer and enhance your brand image.


Reference Documents

Ten steps to develop a multilayered privacy notice: Prepared by leading lawyers and experts in privacy with The Center for Information Policy Leadership,


FTC Airs Mobile Marketing’s Dirty Laundry: Enid Burns, ClickZ, May 9, 2008,


MMA Issues Mobile Privacy Guidelines:  Mark Walsh, Wednesday, July 16, 2008,


AOTA Recognizes World Data Privacy Day by Announcing Business Practices to

Increase Consumer Trust:  Marketwire,  SEATTLE, WA,  Jan 28, 2009,



More Impressive Text Message Usage Figures:  Posted by Justin, In The News, May 30, 2008,


Europe takes lead on improving online privacy notices: Scarlet Pruitt, February 22, 2005,


Building Consumer Trust Through Online Privacy:  Ben Silverman, PR Fuel. March 27, 2009,


Making Privacy Notices Simple:  An OECD Report And Recommendations, 2006,


Self-Regulatory Principles For Online Behavioral Advertising: FTC Staff Report, February 2009


Online Behavioral Advertising: A Checklist Of Practices That Impact Consumer Trust: ©2009 TRUSTe, February 2009,


Public Workshop: The Mobile Wireless Web, Data Services and Beyond:  Emerging Technologies and Consumer Issues:  Federal Trade Commission, February 2002


Consumers Have False Sense Of Security About Online Privacy – Actions Inconsistent With Attitudes: Survey TRUSTe /TNS, San Francisco, CA, December 6, 2006,


Consumer Best Practices Guidelines for Cross Carrier Mobile Content Programs:  Mobile Marketing Association, December 30, 2008,


Posted in: Uncategorized