On October 29, 2012 the Privacy Commissioners of Canada, Alberta and British Columbia published a detailed guidance document on privacy considerations for developing mobile apps.
All mobile app developers and all organizations who make mobile apps available to their customers will want to carefully review these guidelines and consider related impacts on their current privacy practices.
While the privacy principles highlighted in the guidance document came as no surprise, specific recommendations identified by the Commissioners go farther than typical mobile app privacy practices in use today. The following take-away messages, presented with italicized excerpts from the guidance document, serve as examples:
For example, wherever the app is being made available for download, tell potential users what personal information your app will be collecting and why, where it will be stored (on the device or elsewhere), who it will be shared with and why, how long you will keep it, and any other issues that will affect user privacy.
Monitoring programs should be used.
Provide specific, targeted notifications about your privacy practices.
Do not collect personal information simply because it may be useful in the future.
While it may be tempting, you should avoid collecting data because you believe it may be useful in the future. Canadian privacy laws require you to restrict your data collection to what is needed for an identified purpose that exists now and delete data that you no longer need for the original purpose for which it was collected.
Identify third parties and how to modify or delete data shared with them.
Limit the collection of any device-unique identifiers.
Apps should be designed in a way that does not require you to collect any device-unique identifiers if it is not essential to the functioning of the app. Avoid associating data across apps unless it is obvious to the user and necessary to do so. If you must make links, ensure that sensitive data is not linked to a user’s identifier for longer than it needs to be.
For example, if your app transmits personal information, you should not log it unless it is necessary. If you have to log it, secure it and delete it as soon as possible.
Limit the collection of geo-location information.
Avoid collecting information about a user’s movements and activities through the use of location and movement sensors unless it relates directly to the app and you have the user’s informed consent.
Users’ information should be encrypted when it is stored and when it is transmitted over the Internet.
Provide users with the means of refusing updates and deleting the app.
Ensure that users have a clear and easy way to refuse an update, deactivate and delete the app.
Provide users with the means of deleting their data.
You should give users the ability to delete all of the data collected about them.
Automatically delete user data upon deletion of the app.
In particular, when users delete an app, their data should also be deleted automatically.
Provide ongoing notice to users.
[T]ell users in advance what will happen with their information with the eventual use or deployment of the app and also in real time, while it’s actually happening. With this design challenge in mind, it’s crucial that the users are able to make timely and meaningful choices. For example, if your app is about to actively access the user’s location data, you could activate a symbol to raise user awareness of what is happening. If your app takes photos or video, make sure to clearly state whether your app will tag the images with location data and allow the user to opt out of this feature at the time of taking the photo or video.