Businesses are increasingly using mobile applications (apps) to
market and deliver their products and services to users, but do
users really know how their personal information is being handled
once they install an app? Businesses considering launching or
updating a mobile app can take a number of steps to incorporate
better privacy practices in their apps.
Mobile apps and privacy reforms
It is clear that the use of smartphones and mobile apps in
Australia is on the rise. The Office of the Australian Information
Commissioner (OAIC) has published figures from a 2012 Australian
study in which 76 per
cent of respondents said they owned a smartphone, compared with 67
per cent in 2011. 87 per cent of smartphone users surveyed had
installed an app on their phone.
Privacy enforcement authorities have identified mobile apps as a
key area of focus due to the privacy implications for consumers. In
fact, the OAIC and 27 other privacy authorities from around the
world conducted a 'global privacy sweep' earlier this year,
which involved examining 50 of Australia's most popular apps
for privacy issues.
Ensuring your mobile app complies with Australia's privacy
laws is now more important than ever. Not only are users more
concerned about their privacy, but reforms to the Privacy Act
1988 (the Act) in March this year imposed a number of
additional obligations on many businesses and hefty penalties for
non-compliance. The OAIC can now seek civil penalties of up to $1.7
million for corporations and $340,000 for individuals for breaches
of the Act, including the Australian Privacy Principles (APPs).
Collecting personal information via a mobile app
The OAIC expects mobile app developers to consider which
personal information is essential for the operation of the app.
Under APP 3, entities must not collect personal information unless
the information is reasonably necessary for, or directly related
to, one or more of the entity's functions or activities. If you
cannot explain why you need the information or how it relates to
your business functions or activities, the information generally
should not be collected.
You should also consider the nature of the personal information
being collected, and how it will be collected. In particular,
determine whether the personal information is 'sensitive
information'. Sensitive information includes information about
an individual's racial or ethnic origin, political opinions,
memberships of professional associations, religious beliefs, sexual
orientation and health.
Common types of information that apps access include:
the user's name and contact details
the user's date of birth
credit card details
address books and contact lists
device location information
call and SMS logs
The nature of the personal information collected will impact on
an entity's privacy policies and procedures. If you are
collecting sensitive information, the user's consent to collect
the information is generally required (unless an exception
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.