Privacy Guide for Mobile Apps
Tuesday, 1st October 2013 at 10:34 am
The Office of the Australian Information Commissioner (OAIC) has released a guide to help mobile app developers to embed better privacy practices into their products, and to comply with Australian privacy law.
The guide, Mobile privacy: A better practice guide for mobile app developers, was developed after research by the OAIC found that six in 10 Australians are choosing not to use a smartphone app because of concerns about the way personal information would be used.
The Australian Privacy Commissioner, Timothy Pilgrim, said the growing app industry presented both potential benefits to people and serious risks to how personal information is handled.
"Mobile app developers operating in the Australian market need to be aware of how Australian privacy regulation applies, otherwise they risk breaching the law," Pilgrim said.
"I’m recommending that app developers adopt a ‘privacy by design’ approach right from the beginning of an application’s development to help make sure it is privacy-friendly.
"It is ultimately in an app developer’s best interest to build strong privacy protections into their product. The mobile apps that take privacy seriously will be the ones that stand out from the crowd and gain user trust and loyalty."
The Guide recommends that app developers use short form privacy notices instead of lengthy privacy policies that are difficult to read on a small screen.
"People are confronted with privacy policies that are increasingly lengthy, complex and time-consuming to read. Trying to read one of these on a smartphone screen is even more challenging.
"People are increasingly expecting transparency about how their personal information is handled. It’s important to get informed consent from people so they can decide whether or not to install an app. Informed consent requires that users be told about the privacy implications of an app in a way they can understand.
"App developers should make it easy by using things like a privacy dashboard and in-text notices where you tell users what will happen with their information in real time," Pilgrim said.