In the mobile environment, data can be collected and shared with ease. It is therefore of great concern to the Privacy Commissioner/Office of the Australian Information Commissioner (OAIC) that each individual's privacy is strictly protected, no matter what platform/technology is used.
In May this year (May Update) we updated you on the draft guide on mobile privacy. Recently the final version of this guide, Mobile privacy: A better practice guide for mobile developers (Mobile Guide), was released by the OAIC.
The Mobile Guide provides assistance to app developers and those launching apps (whether private or government) on how to embed better privacy practices within their products and services. This remains an important issue for all app developers, particularly given 57% of app users in the US have either avoided installing an app due to privacy concerns or uninstalled an app because it was collecting personal information they did not wish to share.
The final version of the Mobile Guide does not differ extensively from the draft guide released in April 2013. Please see our May Update for a summary of the key elements of the draft guide (which have now been finalised in the Mobile Guide).
However, the Mobile Guide does differ from the draft guide with the inclusion of specific/additional guidance on the following topical general privacy issues:
- Sending personal information overseas
- Managing sensitive information
- Accommodating users with disabilities
- Handling data breaches.
The Mobile Guide suggests that businesses and agencies that have developed or launched, or are planning to develop or launch, an app should:
- Determine whether the app collects sensitive information such as details of the user's health (eg weight loss apps), sexual preferences (eg dating apps) or political or philosophical opinions (eg specific cause or human rights organisation apps) and, if so, they must comply with additional obligations under the Privacy Act 1988 (Cth) (Privacy Act) in relation to sensitive information (ie build in express consent for use of the sensitive information)
- Ensure data breaches are appropriately handled. While it is not yet mandatory to notify breaches, there is OAIC guidance (Data Breaches) on when it might be appropriate for organisations and agencies to consider notifying, at least, the individuals impacted by the breach.
The Mobile Guide is essential reading for all developers and businesses/agencies deploying in the mobile environment (in particular for apps) in relation to the privacy obligations under the amended Privacy Act and the new Australian Privacy Principles, which are effective from 12 March 2014.
© DLA Piper
This publication is intended as a general overview and discussion of the subjects dealt with. It is not intended to be, and should not be used as, a substitute for taking legal advice in any specific situation. DLA Piper Australia will accept no responsibility for any actions taken or not taken on the basis of this publication.
DLA Piper Australia is part of DLA Piper, a global law firm, operating through various separate and distinct legal entities. For further information, please refer to www.dlapiper.com