The UK’s Information Commissioner’s Office (ICO) have recently published a new draft CCTV Code of Practice. It is open for consultation until 1 July 2014 – visit http://ico.org.uk/about_us/consultations/our_consultations to review the draft code of practice, and to provide feedback. The changes address emerging and increasingly available technologies (e.g. body mounted cameras, and drones), and the privacy impacts of those, as well as building in legislative updates and case law. The underlying compliance regime remains firm – if you believe there is the need for CCTV technologies, then before using it undertake a Privacy Impact Assessment to ensure that its use is proportionate and that privacy concerns can be mitigated. If it use is justified, then ongoing monitoring and management is vital as well, with at least a yearly check of its use continuing to be compliant and appropriate.
App Privacy is another developing area, and one of concern for customers and suppliers alike. Regulators are realising that there is the potential for there to be major privacy impacts and that it is a global issue. The ICO’s research in 2013 found that half of potential customers had rejected an app due to privacy concerns. These permissions are commonly summarised in a box when downloading an app and in some cases go beyond what is really needed for that app to function. The ICO issued its guidance for app developers late last year –http://ico.org.uk/for_organisations/data_protection/topic_guides/online/mobile_apps - and the ICO is now involved in a global effort to review global app privacy issues as part of the Global Privacy Enforcement Network. We expect to see more compliance reviews and guidance in this area, and potentially some enforcement action dependent on the reviews. The French data protection authority (CNIL) is also active in this area and undertook a sweep of 100 mobile apps earlier this month as we have mentioned in a previous post (http://blogs.dlapiper.com/privacymatters/france-the-cnil-is-auditing-the-100-most-commonly-used-mobile-apps-in-france-as-part-of-internet-sweep-day/). The takeaway is clear – to avoid regulatory action and to encourage customers to download their apps, app developers should ensure that their compliance is fully considered and properly documented in its app permissions and applicable privacy policies.