On October 29, 2012 the Privacy Commissioners of Canada, Alberta and British Columbia published a detailed guidance document on privacy considerations for developing mobile apps.

All mobile app developers and all organizations who make mobile apps available to their customers will want to carefully review these guidelines and consider related impacts on their current privacy practices.

While the privacy principles highlighted in the guidance document came as no surprise, specific recommendations identified by the Commissioners go further than typical mobile app privacy practices in use today. The following take-away messages, presented with italicized excerpts from the guidance document, serve as examples:

Relying on disclosures in your privacy policy is insufficient.

Users should not have to search for your app’s privacy policy. They need clear and accessible information to evaluate what you are proposing to do with their information.

For example, wherever the app is being made available for download, tell potential users what personal information your app will be collecting and why, where it will be stored (on the device or elsewhere), who it will be shared with and why, how long you will keep it, and any other issues that will affect user privacy.

Monitoring programs should be used.

You should have a monitoring program in place to make sure that the app in fact handles personal information in the way described in your privacy policy.

Seek user feedback before implementing changes to your privacy policy.

[And] should you make updates to your app’s privacy policy, inform users in advance and give them reasonable time to provide feedback before you implement changes. Tell users exactly what rules you are changing so they don’t have to compare the new and old policies to understand what’s happening.

If you are changing the app privacy policy to include new uses, especially transfers of information to third parties, make the changes easy to find and understand through the update process. Never make silent app updates that will diminish the user’s privacy.

Provide specific, targeted notifications about your privacy practices.

While your app’s privacy policy tells the user about your practices, you should also provide specific, targeted notifications to users when they need to make a decision about whether to consent to the collection of their personal information.

Do not collect personal information simply because it may be useful in the future.

While it may be tempting, you should avoid collecting data because you believe it may be useful in the future. Canadian privacy laws require you to restrict your data collection to what is needed for an identified purpose that exists now and delete data that you no longer need for the original purpose for which it was collected.

Identify third parties and how to modify or delete data shared with them.

A key feature of privacy protection, with respect to non-sensitive information, is allowing users to opt out of data collection. So, if you are sharing behavioural information or device identifiers with third parties (such as an ad network), your privacy policy should identify those third parties and link to information about how to modify or delete the data. You should also provide a means for users to opt out of such tracking.

Limit the collection of any device-unique identifiers.

Apps should be designed in a way that does not require you to collect any device-unique identifiers if it is not essential to the functioning of the app. Avoid associating data across apps unless it is obvious to the user and necessary to do so. If you must make links, ensure that sensitive data is not linked to a user’s identifier for longer than it needs to be.

For example, if your app transmits personal information, you should not log it unless it is necessary. If you have to log it, secure it and delete it as soon as possible.

Limit the collection of geo-location information.

Avoid collecting information about a user’s movements and activities through the use of location and movement sensors unless it relates directly to the app and you have the user’s informed consent.

Use encryption.

Users’ information should be encrypted when it is stored and when it is transmitted over the Internet.

Provide users with the means of refusing updates and deleting the app.

Ensure that users have a clear and easy way to refuse an update, deactivate and delete the app.

Provide users with the means of deleting their data.

You should give users the ability to delete all of the data collected about them.

Automatically delete user data upon deletion of the app.

In particular, when users delete an app, their data should also be deleted automatically.

Provide ongoing notice to users.

[T]ell users in advance what will happen with their information with the eventual use or deployment of the app and also in real time, while it’s actually happening. With this design challenge in mind, it’s crucial that the users are able to make timely and meaningful choices. For example, if your app is about to actively access the user’s location data, you could activate a symbol to raise user awareness of what is happening. If your app takes photos or video, make sure to clearly state whether your app will tag the images with location data and allow the user to opt out of this feature at the time of taking the photo or video.