Call 1800 POD LEGAL   

Downloadable Apps and Privacy Permissions

The proliferation of downloadable apps and their privacy policies has been in the spotlight of late. Most infamously, Facebook received short-lived public ridicule over the recently released update for its Messenger app. The furore surrounds the privacy terms, which request permission to access and use voice recording, camera and internet functions without first notifying the user. However, this kind of ‘all bases covered’ policy may become increasingly common as app developers come to terms with the need for detailed privacy statements that comply with the requirements of the operating system. Of course, these unnecessarily complex policies could be simply avoided by taking a more intelligent approach to drafting.

Last year, 26 privacy enforcement authorities took part in an international review of iOS apps, in what was called the Global Privacy Enforcement Network (GPEN) Privacy Sweep. The Sweep targeted apps produced by, and on behalf of, Australian business and Government agencies, and scrutinised the privacy permissions that apps requested of their users.

The results of the Sweep have identified a number of concerns that developers and users should be aware of. So what lessons are there in this for developers, and how do you balance the finer points of privacy permissions?

Be sure to explain to consumers why you want the required information and what you intend to do with it.
This was a recurrent failure among the apps examined, according to the Australian Privacy Commissioner, Timothy Pilgrim. Mr Pilgrim expressed concern that ‘many (apps) are seeking access to large amounts of personal information without adequately explaining how that information is being used.’

Only a fraction of existing apps provide a clear explanation of their information use policy, which suggests this is a clear area for improvement in the future.

Be up front with your privacy terms.
Clear, concise privacy permissions, that are accessible before downloading, allow users to feel as though they are making informed decisions. Many existing apps are failing to ensure pre-installation privacy requirements are being communicated.

“Of particular concern was that almost 70% of the apps we looked at failed to provide the user with a privacy policy or terms and conditions that addressed privacy prior to the app being downloaded,” Mr Pilgrim said.

Permissions should not exceed reasonable expectations given the apps’ functionality
Mr Pilgrim encourages developers to ‘put their users’ privacy first when designing apps by incorporating a ‘privacy by design’ approach.’ Generally, this means tailoring the privacy policy according to the app functions, and only collecting personal information that is necessary for proper operation.

The Sweep further highlighted the need to adapt privacy statements to function properly on the smaller screens of mobile devices. Many were found to be poorly adapted to the function, which made the terms difficult to navigate.

Ultimately, the Sweep found that clear, concise information about privacy is a strategy that app developers should be pursuing. This kind of effective privacy policy is key to boosting consumer confidence, and should be improved under increasing global privacy regulation.