Remember signing up for iTunes? If you don’t, please skip the next few lines. After entering all your details, you were greeted by a huge document called the terms and conditions. We’re pretty confident that you, like the rest of us, clicked agree without really reading them.
Today, privacy policies have become the new pop-up that many of us agree to without reading. Whether it’s on websites, apps, games, or even mobile devices, we encounter these documents every day.
If you’ve heard the term GDPR or seen the Facebook Senate hearings, you probably have some idea why these policies are so prevalent today. Data matters, and governments are keeping an eye on how businesses are using it.
So what does this mean for you and your app? Keep reading to find out.
- Names – full or not.
- Contact information such as an email address or contact number.
- Residential or postal address and location.
- Age, D.O.B, gender, and other identifiable words.
- Payment information and/or identification numbers such as national insurance numbers.
Should changes be made to this document, your users must be notified and must agree to the new terms of the policy.
Why do you need one for your app?
It’s essential that you familiarise yourself with the current legislation around privacy in the country that you live in. One of the largest and most influential pieces of legislation is GDPR. GDPR applies if you have users that live in the EU, regardless of whether your company is based within Europe or not.
If you have users in Australia, you may be subject to the conditions of The Privacy Act of 1988, otherwise known as the Australian Privacy Act. Japan has the Act on Protection of Personal Information (APPI), Canada has the PIPEDA Fair Information Principle, and India has the Personal Data Protection Act (PDPA).
iOS devices vs Android devices
The App Store and the Google Play Store have their own respective requirements when it comes to user privacy. For iOS developers, these can be found in the “App Store Review Guidelines”. For Android developers, they can be found under “The Google Play Developer Distribution Agreement” in Google’s Developer Policy Centre.
Take it point by point if you plan to write this yourself. Alternatively, you can enlist the help of an attorney who can assist you with compiling this document. Whichever path you choose, ensure the document has been approved by legal counsel before publishing it.
- A short introduction outlining the purpose of the document, a table of contents, and the identity of the owner of the app. If you are a business, then you should include the contact information and the address of your office or place of business.
- A clear outline of what data you collect, the specific types of data, why you collect this data and how it will be used. This needs to be explained clearly with minimal jargon.
- Outline the legal basis of processing based on the legislation that your app is subject to.
- What data you will keep, how long it will be stored, and your process for erasing it. It’s important that you also include any steps taken to ensure the protection of this data. In this section, you must also touch on the right to opt out (if applicable).
- If you share this data with any third parties, these parties must be named if possible. On the topic of third parties, you should include information about any third-party service providers that you may be involved with.
The content of these policies will vary depending on the nature of your business and your app. Covering all of these key points is a great place to start.
Next, have it in the same place where you keep your terms and conditions on your website and app. It can help to attach a link to it at the bottom of any marketing emails that you send as well.
We also recommend having a visible link to it anytime your app is collecting data or consent to collect data.