The proliferation of downloadable apps and their privacy policies has been in the spotlight of late. Most infamously, Facebook received short-lived public ridicule over the recently released update for its Messenger app. The furore surrounds the privacy terms, which request permission to access and use voice recording, camera and internet functions without first notifying the user. However, this kind of ‘all bases covered’ policy may become increasingly common as app developers come to terms with the need for detailed privacy statements that comply with the requirements of the operating system. Of course, these unnecessarily complex policies could easily be avoided by taking a more intelligent approach to drafting.
Last year, 26 privacy enforcement authorities took part in an international review of iOS apps, in what was called the Global Privacy Enforcement Network (GPEN) Privacy Sweep. The Sweep targeted apps produced by, and on behalf of, Australian business and Government agencies, and scrutinised the privacy permissions that apps requested of their users.
The results of the Sweep have identified a number of concerns that developers and users should be aware of. So what lessons are there in this for developers, and how do you balance the finer points of privacy permissions?
Be sure to explain to consumers why you want the required information and what you intend to do with it.
This was a recurrent failure among the apps examined, according to the Australian Privacy Commissioner, Timothy Pilgrim. Mr Pilgrim expressed concern that ‘many (apps) are seeking access to large amounts of personal information without adequately explaining how that information is being used.’
Only a fraction of existing apps provide a clear explanation of their information use policy, which makes this an obvious area for improvement.
Be up front with your privacy terms.
Clear, concise privacy permissions that are accessible before downloading allow users to feel as though they are making informed decisions. Many existing apps are failing to ensure that pre-installation privacy requirements are communicated.
Permissions should not exceed reasonable expectations given the app’s functionality.
The Sweep further highlighted the need to adapt privacy statements to function properly on the smaller screens of mobile devices. Many were found to be poorly adapted to small screens, which made the terms difficult to navigate.