- What information do we collect?
- How do we use your personal information?
- Do we disclose your personal information?
- How do IP addresses work?
- What is our commitment to data security?
- How can you update your personal information?
- How can you contact us if you have any questions?
2. Implement active consent
Fact: Although permission to use Users’ location is widely implemented, permission to use Users’ personal data is often not specified.
DMI tip: Give Users both opt-in and opt-out options when accessing their data. Go a step further by informing the User of the implications of their choice so that they can “actively” opt in or opt out.
3. Make it visual
4. Be transparent
Users understand the impact of mobile apps on their privacy. They want app providers to be up front about how their personal information is used in order for them to make an informed decision about whether to download and use the app.
Just one bad mobile experience with a company could cause a user to lose faith in it, and stop the user from engaging and making purchases in the future.
Fact: 46% of users state that it is extremely important to know that an app is gathering information about them. 49% of users state that it is extremely important for them to know when an app is sharing the information with 3rd parties.
DMI tip: Try to be as transparent as possible about what data you collect from users, and for what purpose.
5. Keep the Law in mind
Below are all the principles established by the Data Protection Directive 95/46/EC that need to be followed:
• Notice: subjects whose data is being collected should be given notice of such collection.
• Purpose: data collected should be used only for stated purpose(s) and for no other purposes.
• Consent: personal data should not be disclosed or shared with third parties without consent from its subject(s).
• Security: once collected, personal data should be kept safe and secure from potential abuse, theft, or loss.
• Access: subjects should be granted access to their personal data and allowed to correct any inaccuracies.
• Quality/adequacy: information should be up to date, correct and stored for a limited amount of time. It shall be used only to provide the service and no more. Only use data for the purpose stated to the user, and strictly for the period needed to achieve that purpose.
• Accountability: subjects should be able to hold personal data collectors accountable for adhering to all seven of these principles.
• New Principles set out under the currently drafted future legislation:
– Privacy by design: data protection safeguards should be built into products and services from the earliest stage of development.
– Privacy by default: privacy-friendly default settings should be the norm.
– Right to be forgotten: if you no longer want your data to be processed, and there is no legitimate reason for a company to keep it, the data shall be deleted.
DMI tip: Get there first. The new legislation is moving towards increased levels of transparency. Why not start implementing it now?
Sources: MEF report 2013
Agathe Caffier, Legal Adviser, DMI
Image courtesy: Jag Nagra