In December 2013, the UK Information Commissioner’s Office (“ICO”) issued non-binding guidance aimed at app developers (the “Guidance”). The Guidance applies to all types of mobile devices, including smart TVs and video game consoles.
In the Guidance, the ICO emphasizes that the Data Protection Act 1998 (“DPA”) applies to mobile apps just as it does to more traditional businesses. Further, the mobile environment presents particular privacy concerns because:
- mobile devices are portable and personal, used frequently, and are generally always on;
- mobile devices typically include multiple data collection sensors (e.g., microphone, camera, GPS receiver); and
- smaller screens make it more challenging to provide adequate notice to users.
Importance of Privacy by Design
The Guidance encourages app developers to consider privacy issues at the outset of the design phase and adopt a privacy by design approach. This underscores how important it is for developers to understand how the personal data collected through the app will be used, as well as who the data controller will be throughout the lifecycle of the app. Even where an app developer creates an app on behalf of a client, so that it will not act as the data controller, the Guidance encourages developers to consider privacy and security during the design and development process.
Providing Fair Notice
The Guidance provides practical tips on providing fair notice to users, in particular: (1) the importance of using plain English that is appropriate to the target audience; (2) clearly stating the purposes for which the personal data will be used; (3) providing notice as soon as practicable; and (4) using layered notices if appropriate. The Guidance highlights the importance of drawing users’ attention to unusual or unexpected uses of their personal data, and recommends using “just-in-time” notices to do so.
Providing Meaningful Choices
The Guidance encourages developers to give users “granular” choices where possible, as opposed to “all or nothing” choices, as well as permitting users to later change their minds.
In addition to better legal compliance, the ICO highlights the potential commercial benefits of better privacy. “Users will have more confidence in apps that clearly respect their privacy. Users may uninstall or remove apps that contain surprises about how their personal data is used.”