This time last year, a study of 11,500 individuals commissioned by mobile trade association the GSMA found that over 80 percent of mobile internet users were concerned about sharing their personal information with apps and services.
So what's the mobile industry doing to win back consumers' lost trust? A panel on user-centric privacy at this week's Mobile Web Congress trade show in Barcelona, Spain, discussed the need for a different approach to mobile - one that gives users transparency, choice, and control over their data by embedding privacy in products as they're developed.
Users know it. Correction: they should know it. Companies should too. But Mikko Hypponen, chief research officer at F-Secure, hammered the point home once again: "There are no free apps, no free cloud storage, no free webmail. They all end up monetizing one way or another," he told the panel on Monday.
Data is the new currency of the digital world, broadcast and shared in real-time with devices that offer their users a better, healthier, or more organised life. Yet, users are increasingly concerned about their personal information and how it's used by the tech companies they share it with. In fact, according to the GSMA research, more than 80 percent of users think it's important to have third parties ask for permission before accessing users' data.
As a result, "privacy is an important issue for all of us," said Denelle Dixon-Thayer, senior vice president of business and legal affairs at Mozilla.
"We hear the ecosystem, but we really don't listen to what users are saying," she added, underlining the need for users to trust the web and mobile space in order "to get the most out of it".
More than listening
The industry knows it has to listen. But then what - how does it take what it's learned and put it to practical use?
According to Claus Ulmer, group privacy officer at Deutsche Telekom, coding privacy-friendly products should be "a mandatory process for all developers". Brian Hernacki, chief architect at Intel, went a step further and called for platforms designed for privacy and technologies that automatically encrypt data, as "education, transparency, and accountability" are not enough.
Eduardo Ustaran, lawyer and partner at law firm Hogan Lovells International, echoed Hernacki's sentiment by highlighting how simply making information available may not help users become better informed. Most users don't read terms and conditions and privacy policies for the services they want to use because "they are too long", he said, and questioned whether it's really worth writing them in the first place.
Instead, he called for a different legal approach "to create the right conditions to support innovation, and promote transparency and greater value sharing among data collectors".
Ustaran was also optimistic about the prospects for the European Commission to develop stricter regulation on how developers should handle the sensitive personal data that they're quietly amassing from all sorts of devices.
Some of the groundwork for that has already been laid. The article 29 Working Party, an independent EC advisory body on data protection and privacy, has issued opinion 02/2013. The document details how the European legal framework applies to the processing of personal data in the development, distribution, and usage of apps on smart devices and focuses on "the consent requirement, the principles of purpose limitation and data minimisation, the need to take adequate security measures, the obligation to correctly inform end users, the rights, reasonable retention periods and specifically, fair processing of data collected from and about children," Ustaran said.
Data protection vs privacy
But what does 'personal' really mean when it comes to data? And what does giving away personal data really imply? The moderator of the conference session, the GSMA's director of privacy Pat Walshe, believes that "privacy impactful information" would be a better term for such data.
The industry seems increasingly to believe that consumers will factor privacy into their buying decisions. Intel's Hernacki said that "data protection and privacy are not the same thing", adding that trust and reputation will become key factors in how users choose their tech providers.
Mozilla's Dixon-Thayer insisted that "data hygiene" should be something every new or established tech company should be thinking about. "Trust is the new currency," she said, even if it's hard to sell something just based on privacy outcomes alone. However things stand, Dixon-Thayer remains convinced that there is a real opportunity to use privacy as a competitive differentiator.
That potential will doubtless become more apparent as the Internet of Things grows. One estimate suggests there will be 50 billion connected objects in 2020, gathering increasingly more sensitive data about our home lives and health. Wearables are "a totally different landscape for privacy", Hernacki said.
That's not to say that privacy and transparency and connected objects are mutually exclusive. Apple, for example, has been very clear to outline what can be done with users' health data in HealthKit - and when developers are stepping over the line. "Apple did it OK with the Health app, " said Mozilla's Dixon-Thayer.
The key to achieving real customer trust is to treat "customers as partners", Deutsche Telekom's Ulmer said. In the end, thinking about the issue of privacy as early as possible when setting up a new business or creating a service really shouldn't be that hard, the speakers agreed.