In this guest post, Lydia Barit, recent MSc Information Security Policy and Management graduate & former Policy Analyst consultant with PrivCom, shares the top six (6) privacy questions for (mobile) app developers...
Now more than ever, data protection and privacy matters are taking global center stage. As more people become aware of the harmful uses of personal data, conducting privacy due diligence is becoming a key part of how consumers evaluate new technology. Apple and Google understand this: the former now requires app developers to fill out privacy labels and the latter is following closely behind, in order to give prospective app users easy-to-digest privacy information. These labels are one of the myriad ways application (or "app") developers can present their privacy practices to users.
By considering the following questions early in development, developers can embed privacy practices from the get-go and convey this information to customers more seamlessly and transparently.
First, a quick compliance check: does PIPA even apply to me?
Yes! According to Section 3 of PIPA: “this Act applies to every organisation that uses personal information in Bermuda where that personal information is used wholly or partly by automated means and to the use other than by automated means of personal information which form, or are intended to form, part of a structured filing system.”
Unlike some data protection regulations in other countries, which set income or size thresholds, PIPA applies to every organization using personal data. Diving further in, data processing is considered automated if it can be carried out without direct human intervention. Collecting and/or using a user's location data to give restaurant recommendations, or a user's credit card information to initiate a transaction, are both examples of the automated processing of personal data that commonly occurs in mobile apps.
Who are your users?
What personal information are you collecting and how?
Now that you've collected personal data, how should you manage it?
Relatedly, what are your Software Developer Kits (SDKs) doing with data?
Are you documenting everything?
In conclusion, taking the time to answer these questions at any stage of the app development process will guide you toward a set of privacy tools and practices that can give you a real competitive edge. A privacy programme that proactively bakes privacy in will pay off through increased user trust, fewer regulatory and technological headaches, and higher profits.
Additional Resources (Links here are for reference and are not necessarily endorsements)
Apple: Manage app privacy
Atlassian:
  - Data privacy guidelines for developers
  - User privacy guide for app developers
Australian Government: Mobile privacy: a better practice guide for mobile app developers
International Association for Privacy Professionals (IAPP): Privacy Design Guidelines for Mobile Application Development
UK Information Commissioner’s Office (ICO): Privacy in mobile apps: Guidance for app developers
OWASP:
To reach out to the Office of the Privacy Commissioner, please visit our Contact Us page.