How to ensure user privacy as an app developer


The Information Commissioner’s Office (ICO) has looked into period and fertility apps to gain key insights into how app developers can ensure the privacy of their users.

The ICO reminds all app developers to protect the privacy of their users by adopting certain practices that can help keep people safe while using apps, according to a press release.

Although the ICO didn’t identify any “compliance issues or evidence of harm” in its review, the UK’s independent body for information rights urges app developers to take steps to ensure user safety and app integrity.

When signing up for an app, an individual often reveals a lot of personal information during the process. This is especially true in cases where apps are looking to support your health and wellbeing, Emily Keaney, Deputy Commissioner of Regulatory Policy, said.

Users of apps deserve “peace of mind” and ultimately want to know that their data is secure, Keaney adds.

Therefore, app developers must implement strong practices that empower users to share personal information only when absolutely necessary.

The ICO assures users that the fertility apps they checked out weren’t using personal data in a way that could harm the user.

Yet the review did shed light on some areas that app developers should improve on to ensure that they’re “meeting all their obligations to be transparent with their users and keep data safe.”

Here are four main areas that app developers should consider in order to comply with their data protection obligations and ensure user privacy.

Transparency

As app developers may deal with a lot of personal information, they need to be transparent about how they’re using this data.

The information that must be provided includes:

  • Purposes for processing personal data
  • Retention periods for personal data
  • Who the information will be shared with

This ‘privacy information’ should be clear, concise, and easily accessible, according to the ICO.

Consenting to personal data being used, stored, or shared should come with the ability to opt out of any of these processes.

Genuine consent means giving users a real choice over whether to opt in or opt out.

App developers must also ensure they have “the right” consent to utilize users' personal data.

“Data protection law sets a high standard for consent, which must be explicit, unambiguous, and involve a clear action to opt-in,” the press release reads.

The ICO makes it very clear that app developers must:

  • Not use pre-ticked boxes or default methods for consent
  • Make it easy for people to withdraw consent at any given moment

Correct lawful basis

Data protection law states that app developers must have a “valid lawful basis in order to process personal data,” according to the ICO.

This includes:

  • Consent
  • Contract
  • Legitimate interests

Don’t adopt a “one size fits all” approach to lawful basis/bases, as app developers must consider the purpose and context of processing to determine which basis is most appropriate.

Accountability

Personal information is extremely valuable, and app developers must be accountable for the data they collect.

As an app developer, you may determine the purpose and means of processing data, making you a data controller, according to the ICO.

Therefore, you are responsible for complying with the laws and regulations set in place to protect that data, and for taking appropriate measures so that the data is processed lawfully.
