Guest Post: Privacy 101 for (Mobile) App Developers

In this guest post, Lydia Barit, recent MSc Information Security Policy and Management graduate & former Policy Analyst consultant with PrivCom, shares the top six (6) privacy questions for (mobile) app developers...



 

Now more than ever, data protection and privacy matters are taking global center stage. As more people become aware of the harmful uses of personal data, conducting privacy due diligence is becoming a key part of consumers’ new technology acquisition processes. Apple and Google understand this, with the former now requiring app developers to fill out privacy labels and the latter following closely behind, in order to provide prospective app users with easy-to-digest privacy information. These labels represent one of myriad ways application (or "app") developers can present privacy practices to users.


By considering the following questions early in development, developers can proactively embed privacy practices from the get-go in order to convey this information to customers more seamlessly and transparently.

First, a quick compliance check: does PIPA even apply to me?

Yes! According to Section 3 of PIPA: “this Act applies to every organisation that uses personal information in Bermuda where that personal information is used wholly or partly by automated means and to the use other than by automated means of personal information which form, or are intended to form, part of a structured filing system.”


Unlike some data protection regulations in other countries, which set income or size thresholds, PIPA applies to every organization using personal data. Diving further in, data processing is considered to be automated if direct human intervention is not required to carry it out. Collecting and/or using a user’s location data to give restaurant recommendations, or credit card information to initiate a transaction, are both examples of automated processing of personal data that commonly occurs on mobile apps.

Who are your users?

What personal information are you collecting and how?

Now that you've collected personal data, how should you manage it?