May 8, 2013

Information Commissioner’s Guidelines for Mobile App Developers

On 4 April 2013, the Office of the Australian Information Commissioner (OAIC) released the consultation draft of guidelines entitled “Mobile Privacy: A Better Practice Guide for Mobile App Developers” (Draft Guidelines).

WHY THE DRAFT GUIDELINES MATTER

The Draft Guidelines set out the OAIC’s (draft) view on best practices for app developers in relation to privacy law. When the Draft Guidelines are finalised, they will offer an important insight into the standards that the OAIC will bring to handling privacy complaints about mobile apps.

WHAT’S COVERED?

The Draft Guidelines cover familiar ground on scope: personal information is any information that identifies a person or could be used to identify a person. This includes obvious categories of information like names and addresses, but reaches as far as information like IP addresses, unique identifiers and dates of birth from which someone’s identity can be reasonably ascertained.

PRIVACY IMPACT ASSESSMENT

In the Draft Guidelines, the OAIC advocates an approach where privacy issues are considered at the very earliest stages of development. The OAIC suggests that app developers author a “privacy impact assessment”, which is a description of how personal information is used by an app, and how its use affects the privacy of individuals.

COLLECT ONLY WHAT YOU NEED

The Privacy Act 1988 (Cth) prevents organisations from collecting personal information that is not necessary for their activities. Consistent with this principle, the Draft Guidelines encourage app developers to be across why each category of personal information is necessary for the functionality of their app. The OAIC highlights user location data and unique device identifiers as personal information that should only be collected if there’s a good reason.

MEANINGFUL CONSENT

The Draft Guidelines stress that app developers should gain “meaningful consent” to use the personal information of the people who use their apps. In other words, measures taken by developers should ensure that users understand what personal information is collected by the app, and how that personal information is used. As a means of ensuring this, the Draft Guidelines discuss the importance of keeping users informed on privacy while they are actually using the app with “in-context notices”, which inform the user when their information is being collected.

We will write about the guidelines again when the final version is issued.
