Today’s app economy is like a new frontier marked by innovation, thousands of jobs and millions of consumers worldwide equipping themselves with useful, convenient, informative and entertaining tools. Like any new frontier though, this one has risks, including those to privacy. To help heighten personal information protection in the mobile era, the Privacy Commissioner of Canada, and the Information and Privacy Commissioners of Alberta and British Columbia today issued new guidance to help mobile app developers set themselves apart by making user privacy central in their design process.
The mobile era has led to the placing of an increasing amount of personal data such as contacts, photos, emails and texts onto one device, which can be tracked in real time. As a result, mobile apps may not just provide users with unparalleled information and fun at their fingertips, but also hold the potential for comprehensive individual surveillance.
A recent study showed that privacy concerns are swaying consumer choices. In September, the Pew Research Center released a report finding 57 per cent of users surveyed had either dropped or avoided installing an app over concerns about use of their personal information.
“Canadians shouldn’t have to choose between sacrificing their privacy and benefitting from the next new mobile app,” said Jennifer Stoddart, Privacy Commissioner of Canada. “Our guidance shows developers how they can meet their legal obligations to respect individual privacy while allaying consumer fears.”
“Mobile’s emergence is another wave in a larger digital revolution that has individual knowledge and empowerment as two of its cornerstones,” said Elizabeth Denham, British Columbia Information and Privacy Commissioner. “Developers who respect these and don’t try to turn them upside-down to consumers’ detriment can gain an edge.”
“Being first is important in the app economy, but this doesn’t mean privacy should be compromised in the process,” said Jill Clayton, Alberta Information and Privacy Commissioner. “Developers who resist shortcuts and put privacy first can gain a competitive advantage through consumer trust and loyalty.”
The guidance, shared with international data protection authorities and released today upon the close of the 34th International Conference of Data Protection and Privacy Commissioner in Punta del Este, Uruguay, provides app developers with insights in the following areas:
- Accountability under the law: Developers are accountable for the information handling practices of their work, whether working for themselves or a third party and their products generally fall under Canadian private sector privacy laws;
- Transparency: Privacy law requires informing users of how their personal information is being collected and used in a clear and understandable way;
- Collection: Privacy law calls upon developers to justify why an app needs to collect personal information to function. Collecting unnecessary information may also increase the risk of a damaging data breach;
- Gaining meaningful consent despite the “small screen” challenge: Developers can use colours, sounds and graphics to inform users and give them clarity and control over their privacy protection choices; and
- User notice and consent timing: Users need to be informed upfront about what will happen with their data upon using the app while real-time notices should follow as privacysensitive functions occur (such as, for example, when geolocation information is accessed).
The full guidance can be found on the web site of either: the Office of the Privacy Commissioner of Canada; the Office of the Information and Privacy Commissioner of Alberta; or the Office of the Information and Privacy Commissioner of British Columbia.