In this age of ever-growing technology, data privacy has emerged as a hotspot of conflict and apprehension among digital consumers. If you are developing an app, whether for Apple iOS or Android, you must include a thorough and encompassing privacy policy. This article will help you understand why a privacy policy is essential and what it should include before you launch your app.
A mobile app privacy policy is a legal statement that discloses how the app gathers, stores, and uses the personal information collected from the app users. Personal information means information which can be used to identify a person and includes their name, phone number, email address, physical address, device IDs, locations, photographs etc.
Reasons for having a Privacy Policy
The primary reasons for your app to have a privacy policy are:
1. To be legally compliant
In the wake of the technology revolution, most countries of the world legally require an app to include a privacy policy. Some countries where the privacy policy is mandatory are as follows:
- United States of America: There is no single federal law that regulates privacy policies for apps, but several federal and state laws contain provisions on data privacy, such as the Americans With Disability Act, the Cable Communications Policy Act of 1984, the Children’s Online Privacy Protection Act (COPPA), the Computer Fraud and Abuse Act of 1986, the Computer Security Act of 1997, the Fair Credit Reporting Act, and the California Online Privacy Protection Act (CalOPPA). The Federal Trade Commission (FTC) regulates and supervises data protection within the United States. So, a privacy policy must conform to all of the relevant provisions relating to data privacy.
- Canada: The central legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), mandates that companies originating in Canada have a privacy policy for their apps. PIPEDA also defines personal information and the kinds of businesses that should take extra precautions to protect their consumers’ data. This helps app developers decide what specific parameters to include in their privacy policy.
- Australia: The Privacy Policy Act of 1988 regulates access, storage, use and disclosure of consumers’ personal information. The Act includes thirteen principles which an app privacy policy is required to follow. The app developer must include not just how they access users’ information, but also how they store, use and disclose it to third parties.
- European Union: Data protection law has been standardized through the General Data Protection Regulation (GDPR), replacing the 1995 EU Data Protection Directive in 2018, encompassing all 28 countries under the EU. GDPR imposes stringent rules on the control and processing of personally identifiable information such as a person’s name, email id, physical address, phone number etc. These laws focus more on an individual’s identifiable information. So, app developers must include details on what and how much of the users’ personally identifiable information they access and store.
If your app will collect, store or share personal data of its consumers, then you must comply with every rule and regulation mandated by various states and countries around the globe. This is because even if your company’s operation is confined to a single state or country, there is a significant probability that users of different jurisdictions will use your app.
2. Third-Party Distributors Require App Privacy Policy
Both Google and Apple require app developers to include and display their privacy policy, even if the developer does not wish to collect sensitive or personal data of the consumers.
Apple’s app privacy policy is intended to protect it from the clutches of any possible litigation, and thus an iOS developer that shares data will be held accountable under the terms of their own privacy policy.
Google’s policy strives towards helping the consumers understand what and how much data the developers collect, and why and how they are going to use it.
Here’s what Google had to say in their Developer Policy Center’s User Data guidelines:
You must be transparent in how you handle user data (e.g., information provided by a user, collected about a user, and collected about a user’s use of the app or device), including by disclosing the collection, use, and sharing of the data, and you must limit the use of the data to the description in the disclosure. If your app handles personal or sensitive user data, there are additional requirements described below. This policy establishes Google Play’s minimum privacy requirements; you or your app may need to comply with additional restrictions or procedures if required by applicable law.
Google Play explicitly requires a link to the privacy policy to be visible on your app’s store listing page as well as within your app.
3. Helps in gaining Users’ Trust
The recent data leak scandals of prominent tech giants have caused a lot of scepticism among users. When a user notices that an app contains a privacy policy, it builds his/her trust in the developers with regard to his/her data. Even though the majority of users don’t bother to read the policy itself, merely seeing that it exists creates a level of familiarity and trust between the users and the company/developers.
4. It is the Most Important Part of an App
A transparent privacy policy explains to users what happens to the personal information that the developer company retains. Without this essential component, the developers could be in violation of the law, which may bring financial and reputational losses.
Privacy Policy Requirements for Android Apps
The exact required contents of a privacy policy depend upon the extent and outreach of your app and the respective laws applicable in that geographical area. It is advisable to have a privacy policy which covers almost all legal principles and provisions, as it is very likely that your app will be used by consumers of various jurisdictions.
The basic requirement of a privacy policy is that it should answer the following questions:
- Who is the owner of the app?
- What data is being collected and how is it being collected?
- What is the legal basis for the collection of data? (for example, consent, necessary for the app to work, legally required etc.) This is mostly related to GDPR and EU Law; but even if you fall outside their jurisdiction, you still need to state why you are processing the personal data of consumers.
- What are the specific purposes for collecting this data?
- Will any third party collect data through widgets or integrations? Which third parties will gain access to the users’ personal data?
- What are the rights of the users? Can users ask you (owner or developer) to show them the data you hold about them, and can they ask you to rectify, delete or block that data? (This is mandatory as per most European regulations)
- What is the process for notifying users and visitors of changes or updates to the privacy policy?
- What is the effective date of the privacy policy?
The privacy policy must disclose the app’s use of any of the following personal or sensitive data:
Camera, Contacts, Calendar, Microphone, Location, Phone, SMS, Sensors, Storage.
If your app collects and processes personal data of its users for reasons beyond the functioning of your app, then you must make an additional and conspicuous disclosure about this usage and must collect the user’s consent for the same.
Here’s what Google states about prominent disclosures:
If your app collects and transmits personal or sensitive user data unrelated to the functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.
Your in-app disclosure:
- Must be within the app itself, not only in the Play listing or a website;
- Must be displayed in the normal usage of the app and not require the user to navigate into a menu or settings;
- Must describe the type of data being collected;
- Must explain how the data will be used;
- Cannot only be placed in a privacy policy or terms of service; and
- Cannot be included with other disclosures unrelated to personal or sensitive data collection.
Your app’s request for consent:
- Must present the consent dialogue in a clear and unambiguous way;
- Must require affirmative user action (e.g. tap to accept, tick a check-box, a verbal command, etc.) in order to accept;
- Must not begin personal or sensitive data collection prior to obtaining affirmative consent;
- Must not consider navigation away from the disclosure (including tapping away or pressing the back or home button) as consent; and
- Must not utilize auto-dismissing or expiring messages.
Hence, there must be a separate notice in addition to your privacy policy, and it must provide a link to the policy along with an explanation of the data processed. This data must not be processed until the user has given consent.