Section 508

August 30th, 2013

5 Tips for Implementing Privacy Rules in Your Mobile App

doberman1. Create a privacy policy

A “privacy policy” is a document that explains to your users about what you will do with the information gathered from them, how you are gathering that information and how the information will be stored and managed.

Fact: currently, 28% of top of the 100 mobile apps do not have a privacy policy

DMI tip: Make your privacy policy comprehensive by at the least answering the following questions:

  • What information do we collect?
  • How do we use your personal information?
  • Do we disclose your personal information?
  • Are we responsible for the privacy policy of other websites?
  • How do IP addresses work?
  • Do we use cookies?
  • What is our commitment to data security?
  • How can you update your personal information?
  • How can you contact us if you have any question?

2. Implement active consent

“Active Consent” means voluntary, informed, express and revocable permission from the user on a device to use or disclose information as described in the consent agreement. Active Consent is a separate concept from mere service terms or privacy policy approval.

Fact: Although permission to use Users’ location is widely implemented, permission to use Users’ personal data is often not specified.

DMI tip: Give both opt in and opt out options to Users when accessing a User’s data. Even go a step further by informing the user on the implication of their choice so that they can “actively” opt in or opt out.

3. Make it visual

When the screen is very small and the text may appear unwelcoming a table with colours or a symbol system may appear appealing. In legal practice symbols have seen a rising trend, which might be implemented in the future. However, be careful, as making the privacy policy visual does not replace the need of having the full legal text.

Fact: A User reads on average 25 words a minute. The average Privacy Policy has 3068 words, which means that it would take an average of 12 minutes to read it.

DMI tip: Be innovative! Help your user understand the privacy implications of your App. Layer your privacy policy, summarize it in a table or use a star rating system.

4. Be transparent

Users understand the impact of mobile apps on their privacy. They want app providers to be up front about how their personal information is used in order for them to make an informed decision about whether to download and use the app.
Just one bad mobile experience with one company could cause a user to lose faith in them, and stop the user from engaging and make purchases in the future.

Fact: 46% of users state that it is extremely important to know that an app is gathering information about them. 49% of users state that it is extremely important for them to know when an app is sharing the information with 3rd parties.

DMI tip: Try to be as transparent as possible about what data you collect from users, and for what purpose.

5. Keep the Law in mind

Below are all the principles established by the Data Protection Directive 95/46/EC that need to be followed
• Notice: subjects whose data is being collected should be given notice of such collection.
• Purpose: data collected should be used only for stated purpose(s) and for no other purposes.
• Consent: personal data should not be disclosed or shared with third parties without consent from its subject(s).
• Security: once collected, personal data should be kept safe and secure from potential abuse, theft, or loss.
• Access: subjects should granted access to their personal data and allowed to correct any inaccuracies.
• Quality/adequacy: information should be up to date, correct and stored for a limited amount of time. Its use shall only be in order to provide the service but no more. Only use data for the finality stated to the user, and strictly for the period to achieve the finality.
• Accountability: subjects should be able to hold personal data collectors accountable for adhering to all seven of these principles.
• New Principles set out under the currently drafted future legislation:
– Privacy by design: data protection safeguards should be built into products and services from the earliest stage of development.
– Privacy by default: privacy-friendly default settings should be the norm.
– Right to be forgotten: if you no longer want your data to be processed, and there is no legitimate reason for a company to keep it, the data shall be deleted.

DMI tip: Get there first. The new legislation is moving towards increased levels of transparency. Why not start implementing it now!

Sources: MEF report 2013

Agathe Caffier, Legal Adviser, DMI

Image courtesy: Jag Nagra

Tags: checklist mobile apps privacy security

Connect with us

Job Openings

Want to be part of our growing team?

View More
Work with us

Learn how DMI can help you grow, or launch your business.

Get In Touch

See all of our locations around the world

View Locations