PRIVACY UPDATE (AUSTRALIA)
In recent years mobile devices such as internet-connected smartphones and tablet computers (mobile devices) have found a place in the everyday lives of most people. The prevalence of mobile devices is highlighted by a study by the research firm Gartner, which has forecast that by 2013 mobile devices will (a) overtake PCs as the dominant way we access the web and (b) reach over 1.82 billion units. Mobile devices are often on and tethered to their user, transmitting rich data to the sellers, analytic services and/or advertisers of applications (apps), exposing users to a wide variety of potential invasions of privacy. Compliance with existing privacy law and/or the need for new privacy protections is an area currently being investigated in the EU.
The rapid growth in popularity of mobile devices has been harnessed by businesses as a fast and effective method for reaching customers. Many businesses have invested in the development of leading-edge interactive apps and internet sites for mobile devices which provide customised and interactive services based on the information they collect from users. In fact, an estimated 98 billion apps will be downloaded by 2015 and the current US$6.8 billion market for apps is expected to grow to US$25 billion within four years.
In many cases businesses have policies and procedures in place to ensure compliance with their obligations under the Privacy Act for their online (ie website) presence. However, the pressure to quickly deploy apps and mobile sites into the market has meant that, in practice, businesses are not complying with (or, where required, extending to the mobile device environment) these policies.
Actions under the Australian Consumer Law and future fines
Recent spotlight on mobile privacy in the US
- Implement a means for app users to the platform apps that do not comply with applicable terms of service and/or laws.
- Implement a process for responding to reported instances of non-compliance.
- Continually work with the AG to develop best practice for mobile device privacy in general and develop model mobile device privacy policies in particular.
In June 2012, Facebook also agreed to be bound by the California Principles and signed the agreement. As a result, Facebook recently sent email alerts to its users (including those in Australia) notifying them of proposed updates to its data use policy. Interestingly, the email encourages users to review the changes proposed by Facebook and provide feedback by 28 November 2012, before the changes are finalised.
Although the California Principles and letters of warning issued by the AG formally only apply to apps made available in California, they are likely to set a benchmark for privacy practices across many countries (including Australia), given that most apps, regardless of the country in which they are developed, are likely to be made available in the US. Therefore, in addition to complying with relevant Australian privacy laws, we urge Australian businesses to follow best practice by voluntarily adopting the California Principles and using these as a framework for building privacy into the design of their mobile sites and apps (ie'privacy by design').
What action should Australian businesses take now?
Given the increased focus on privacy in the mobile devices environment internationally, we recommend that Australian businesses review and update their privacy policies and processes to ensure that they adequately cover personal information collected through mobile device apps and mobile sites.
To avoid potential liability, Australian businesses should:
- Ensure their app and mobile site developers are aware of the legal obligations to protect privacy
- Provide a summary of the mandatory information to be provided to users under Australian privacy law at points where personal information is collected
Please do not hesitate to contact us if we can assist with the review/audit of your current privacy practices and policies relating to your mobile sites and apps.
© DLA Piper
This publication is intended as a general overview and discussion of the subjects dealt with. It is not intended to be, and should not used as, a substitute for taking legal advice in any specific situation. DLA Piper Australia will accept no responsibility for any actions taken or not taken on the basis of this publication.
DLA Piper Australia is part of DLA Piper, a global law firm, operating through various separate and distinct legal entities. For further information, please refer to www.dlapiper.com