The guidelines make it clear that mobile app developers are
responsible for all personal information handled by the app. As a
first step to compliance, mobile app developers should map out
information flows, identify risks, and put controls in place (such
as contracts and user agreements) to ensure third parties respect
privacy obligations. Mobile app developers should also:
Be transparent about their information handling practices, and
describes the practices.
continues to accurately describe what is actually happening.
Distribute updates of the app with notices of associated
changes in information handling practices, and allow the user to
refuse the update.
Limit collection of information to what is needed now and allow
users to opt out of collection of information for additional,
Use encryption when storing and transmitting data.
Mobile app users should be notified of information handling
practices (i) when they download the app, (ii) when they first use
the app, and (iii) throughout their app experience. Mobile app
developers need to be creative and thoughtful to try to capture
users' attention, without causing notice fatigue.
The guidelines recognize the challenges to obtaining meaningful
consent on the small screen, and suggest a number of strategies, including:
layering privacy information, placing important points up front
and providing links to more detailed explanations;
using a privacy dashboard that displays a user's privacy
settings and provides a convenient means of changing them;
using visual cues and symbols such as graphics, colour, and
sound as cues to draw user attention to what is happening with
their personal information, the reasons for it, and choices
available to the user.
Further guidance on obtaining meaningful consent to computer
programs that impact users' privacy may be found in the
Canadian Radio-television and Telecommunications Commission's
(CRTC) guidelines on complying with Canada's anti-spam
Lastly, the guidelines state that if a user deletes the app, then
their information should also be deleted.
In the U.S., the Federal Trade Commission (FTC) has also
introduced guidelines for mobile app developers, which address
truth-in-advertising, as well as privacy issues.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.