Australia: Update on privacy compliance for app developers


In the mobile environment, data can be collected and shared with ease. It is therefore of great concern to the Privacy Commissioner/Office of the Australian Information Commissioner (OAIC) that each individual's privacy is strictly protected, no matter what platform/technology is used.

In May this year (May Update) we updated you on the draft guide on mobile privacy. Recently the final version of this guide, Mobile privacy: A better practice guide for mobile developers (Mobile Guide), was released by the OAIC.

The Mobile Guide provides assistance to app developers and those launching apps (whether private or government) on how to embed better privacy practices within their products and services. This remains an important issue for all app developers, particularly given that 57% of app users in the US have either avoided installing an app due to privacy concerns or uninstalled an app because it was collecting personal information they did not wish to share.

The final version of the Mobile Guide does not differ extensively from the draft guide released in April 2013. Please see our May Update for a summary of the key elements of the draft guide (which have now been finalised in the Mobile Guide).

However, the Mobile Guide does differ from the draft guide in that it adds specific guidance on the following general privacy issues:

  • Sending personal information overseas
  • Managing sensitive information
  • Accommodating users with disabilities
  • Handling data breaches.

The Mobile Guide suggests that businesses and agencies that have developed or launched, or are planning to develop or launch, an app should:

  • Determine whether the app collects sensitive information such as details of the user's health (eg weight loss apps), sexual preferences (eg dating apps) or political or philosophical opinions (eg specific cause or human rights organisation apps) and, if so, comply with the additional obligations under the Privacy Act 1988 (Cth) (Privacy Act) that apply to sensitive information (ie build in express consent for use of the sensitive information)
  • Ensure that the app's privacy policy is easily accessible to people with disabilities. For example, apps should utilise screen reader software, which enables people with a visual impairment to hear content read aloud
  • Protect their customers' privacy by complying with the obligations that relate to the sending of personal information overseas. That is, at least notify customers in the privacy policy that their personal information may be sent overseas (and specify where) and take reasonable steps to ensure that the overseas receiving entity complies with Australian privacy laws/the Australian Privacy Principles (APPs)
  • Ensure data breaches are appropriately handled. While it is not yet mandatory to notify breaches, there is OAIC guidance (Data Breaches) on when it might be appropriate for organisations and agencies to consider notifying, at least, the individuals impacted by the breach.

The Mobile Guide is essential reading for all developers and businesses/agencies deploying in the mobile environment (in particular for apps) in relation to the privacy obligations under the amended Privacy Act and the new Australian Privacy Principles, which are effective from 12 March 2014.