App Developers Take Notice: Privacy Guidelines for Mobile Apps Released
29 November 2012
On October 29, 2012, the Privacy Commissioners of Canada, Alberta and British Columbia published a detailed guidance document on privacy considerations for mobile apps.
All mobile app developers and all organizations who make mobile apps available to their customers will want to carefully review these guidelines and consider related impacts on their current privacy practices.
While the privacy principles highlighted in the guidance document came as no surprise, specific recommendations identified by the Commissioners go further than typical mobile app privacy practices in use today. The following take-away messages, presented with italicized excerpts from the guidance document, serve as examples:
Relying on disclosures in your privacy policy is insufficient. Users should not have to search for your app’s privacy policy. They need clear and accessible information to evaluate what you are proposing to do with their information.
For example, wherever the app is being made available for download, tell potential users what personal information your app will be collecting and why, where it will be stored (on the device or elsewhere), who it will be shared with and why, how long you will keep it, and any other issues that will affect user privacy.
Monitoring programs should be used. You should have a monitoring program in place to make sure that the app in fact handles personal information in the way described in your privacy policy.
Seek user feedback before implementing changes to your privacy policy. [And] should you make updates to your app’s privacy policy, inform users in advance and give them reasonable time to provide feedback before you implement changes. Tell users exactly what rules you are changing so they don’t have to compare the new and old policies to understand what’s happening.
If you are changing the app privacy policy to include new uses, especially transfers of information to third parties, make the changes easy to find and understand through the update process. Never make silent app updates that will diminish the user’s privacy.
Provide specific, targeted notifications about your privacy practices. While your app’s privacy policy tells the user about your practices, you should also provide specific, targeted notifications to users when they need to make a decision about whether to consent to the collection of their personal information.
Do not collect personal information simply because it may be useful in the future. While it may be tempting, you should avoid collecting data because you believe it may be useful in the future. Canadian privacy laws require you to restrict your data collection to what is needed for an identified purpose that exists now and delete data that you no longer need for the original purpose for which it was collected.
Identify third parties and how to modify or delete data shared with them. A key feature of privacy protection, with respect to non-sensitive information, is allowing users to opt out of data collection. So, if you are sharing behavioural information or device identifiers with third parties (such as an ad network), your privacy policy should identify those third parties and link to information about how to modify or delete the data. You should also provide a means for users to opt out of such tracking.
Limit the collection of any device-unique identifiers. Apps should be designed in a way that does not require you to collect any device-unique identifiers if it is not essential to the functioning of the app. Avoid associating data across apps unless it is obvious to the user and necessary to do so. If you must make links, ensure that sensitive data is not linked to a user’s identifier for longer than it needs to be.
For example, if your app transmits personal information, you should not log it unless it is necessary. If you have to log it, secure it and delete it as soon as possible.
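The two points above (do not log personal information unless necessary; if you must keep it, secure it and delete it as soon as possible) translate into concrete engineering controls on the server side of an app. The following is an added illustration written for this bulletin, not code from the guidance document or from any app: a logging filter that strips e-mail addresses and device identifiers from log records before they are written, and a retention routine that drops stored entries once they are older than a fixed window. The identifier format (a 32-character hexadecimal string), the logger name and the sample log line are all constructed for the example.

```python
import logging
import re

# Constructed patterns for personal data that should not reach the logs.
# The 32-hex-character device identifier format is an assumption for this example.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
DEVICE_ID_RE = re.compile(r"\b[0-9a-f]{32}\b")


def redact(text: str) -> str:
    """Replace personal identifiers in a log line with fixed placeholders."""
    text = EMAIL_RE.sub("<email>", text)
    text = DEVICE_ID_RE.sub("<device-id>", text)
    return text


class RedactingFilter(logging.Filter):
    """Redact both the format string and its arguments before a record is emitted."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(str(record.msg))
        if isinstance(record.args, tuple):
            record.args = tuple(redact(str(a)) for a in record.args)
        return True  # keep the record, now with identifiers removed


class _ListHandler(logging.Handler):
    """Collects formatted lines in memory so the result can be inspected."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: list[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def demo_lines() -> list[str]:
    """Log one constructed sync event through the filter and return what was written."""
    logger = logging.Logger("app.telemetry")  # private instance, no global state
    logger.setLevel(logging.INFO)
    handler = _ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    # Constructed sample input: an e-mail address and a device identifier.
    logger.info(
        "sync for %s from device %s",
        "alice@example.com",
        "0123456789abcdef0123456789abcdef",
    )
    return handler.lines


def purge_expired(entries: list[dict], now: float, max_age_seconds: float) -> list[dict]:
    """Return only the stored entries still inside the retention window.

    Each entry is a dict with a 'logged_at' timestamp (seconds). Anything older
    than max_age_seconds is dropped, implementing "delete it as soon as possible".
    """
    return [e for e in entries if now - e["logged_at"] < max_age_seconds]


if __name__ == "__main__":
    for line in demo_lines():
        print(line)
    # Constructed retention data: one fresh entry, one past a 24-hour window.
    sample = [{"id": 1, "logged_at": 1000.0}, {"id": 2, "logged_at": 100000.0}]
    print(purge_expired(sample, now=100500.0, max_age_seconds=86400.0))
```

Attaching the filter to the handler rather than to individual call sites means every log statement in the process is covered, including ones added later; the retention routine is the piece a scheduled job would run against whatever store actually holds the logged data.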
Limit the collection of geolocation information. Avoid collecting information about a user’s movements and activities through the use of location and movement sensors unless it relates directly to the app and you have the user’s informed consent.
Use encryption. Users’ information should be encrypted when it is stored and when it is transmitted over the internet.
Provide users with the means of refusing updates and deleting the app. Ensure that users have a clear and easy way to refuse an update, deactivate and delete the app.
Provide users with the means of deleting their data. You should give users the ability to delete all of the data collected about them.
Automatically delete user data upon deletion of the app. In particular, when users delete an app, their data should also be deleted automatically.
Provide ongoing notice to users. [T]ell users in advance what will happen with their information with the eventual use or deployment of the app and also in real time, while it’s actually happening. With this design challenge in mind, it’s crucial that the users are able to make timely and meaningful choices. For example, if your app is about to actively access the user’s location data, you could activate a symbol to raise user awareness of what is happening.
Osler, Hoskin & Harcourt LLP
Box 50, 1 First Canadian Place
Toronto, Ontario, Canada M5X 1B8
T: +1 416.362.2111
F: +1 416.862.6666
E: mfekete@osler.com
W: www.osler.com