The Data Protection Act 1998 (the "DPA") applies to any personal data that you use in the course of running your business. This includes any personal data collected via mobile apps that you have developed.
Mobile devices are always on and contain a number of features, including cameras, microphones and GPS sensors, which enable unprecedented levels of data collection – even when the device is in "sleep mode".
How does your business comply with the DPA when your customers or app users use your mobile app? The DPA is a minefield but here are our top ten app happy DPA tips to help keep you on the right app track:
- Tell app users before the app starts using app users' personal data what the app will use their personal data for. Keep in mind the size of a mobile screen and don't go for lengthy and complex data protection statements that no one will – or will be able to – read;
- Only collect as much personal data as you need to perform the tasks that your app is designed to do. Don't collect personal data just because it might be useful one day if it serves no real purpose now;
- Tell app users if the app will transfer their personal data to third parties, such as online behavioural advertising networks, which will present in-app advertisements that are bespoke to app users' preferences;
- If your app is targeted at, or could be used by, children, use simple language and build in appropriate parental consent mechanisms to the use of their children's personal data;
- Allow app users to cancel and delete the personal data contained within their app account and only hold on to that personal data that you need to for legal reasons;
- If your app is intended to work on different operating systems, take account of any differences between the systems, as some systems may facilitate the collection of higher levels of personal data than others;
- Give app users a simple means of making contact with you, such as an e-mail address that is checked regularly, and comply with any requests from app users for access to copies of their personal data that you have collected via the app;
- Give app users an obvious place from which they can configure their in-app privacy settings;
- Ensure personal data collected or transmitted via your app is handled securely using encrypted connections; and
- Test your app regularly to ensure that you remain true to your data protection promises to your app users by, for example, only keeping personal data for as long as you said you would and ensuring that your data security measures are still relevant, up-to-date and reflect the state of the art.
Daradjeet Jagpal is an Associate at Harper Macleod and specialises in Data Protection and Information law. If you have any queries in this area email firstname.lastname@example.org or call 0141 227 9403.