App Development Guidance from Canada’s Privacy Commissioners


[author: ]

On October 24, 2012, the Privacy Commissioners of Canada, Alberta and British Columbia issued a joint guidance document on mobile applications, titled Seizing Opportunity: Good Privacy Practices for Developing Mobile Apps. The guidance conveniently summarizes general private sector privacy principles under the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Personal Information Protection Acts of Alberta and British Columbia in one document, with specific application to the development of mobile applications (Apps).

The Privacy Commissioners provide tips on making consent more meaningful in the mobile App environment. Suggestions include:

  • Layering Information. The first layer of privacy disclosure could be icons, labels and images that lead to more detail through hyperlinks.
  • Privacy Dashboards. Provide tools to display privacy settings in a way that encourages user action and also explains the consequence of making a choice.
  • Colour and sound. Scale colour and sound and their intensity to the importance of the decision or sensitivity of the information.
  • Timing of user notice and consent. Users should not have to search for an Apps privacy policy. Instead, users should be provided without clear and accessible information prior to download. However, disclosure before download may not be sufficient. Further disclosure to obtain consent should occur in real time as the information is being collected so that the user can make a timely choice. For example, if location information is being collected, a symbol could be used to indicate to users that this is happening.

The Privacy Commissioners also provide specific guidance with respect to the collection and use of certain types of personal information. For example:

  • Sound, Location and Movement. Collection of sound and data from the device’s location and movement sensors requires informed consent and must be directly related to the functionality of the App.
  • Cameras. Activation of the device camera requires specific permission of the user.
  • Device Identifiers. Apps should be designed in a way that that do not require collection of unique device identifiers unless that is “essential” to the functioning of the App.
  • Third parties. Information about third parties (e.g. from a contact list) should not be collected without consent. The Privacy Commissioners do not specify whose consent.

The Privacy Commissioners also state that data should not be associated across Apps unless it is “necessary” to do so and “obvious” to the user.

In addition to this latest guidance, Apps developers may wish to consult The Roadmap for Privacy by Design in Mobile Communications: A Practical Tool for Developers, Service Providers and Users, which was co-authored by the Information and Privacy Commissioner of Ontario and the Arizona State University Privacy by Design Research Lab and published in December 2010.



DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising

Written by:


Dentons on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.