ICO Blog: Why developers must respect privacy to have an ‘Appy Christmas’

‘Appy Christmas’ may make a light-hearted headline, but the sale of mobile apps is a serious business. Last year over 328 million apps were downloaded on Christmas Day alone. This year is set to see this figure increase dramatically, with tablet computers and the latest smartphones being high on many people’s Christmas lists.

In recent weeks, we have also seen several lower priced tablets released, taking the world of tablet computing to an ever wider audience. But, while people are happy to part with their money for the latest mobile game or social networking app, they aren’t so keen to part with their personal data.

A YouGov survey commissioned by the ICO in December has highlighted that concerns around how apps are using people’s personal information are hitting developers’ sales and usage figures.

The survey found that 62% of people who have downloaded an app are concerned about the way apps use personal information, with almost half (49%) of app users having chosen not to download an app due to privacy concerns. This means that app developers are potentially losing over half of their market or risk pushing away nearly two-thirds of their hard-won app users, typically because they’re either not being clear about how personal information is being used, or because personal information is being used in a manner users disagree with.

It’s clear, then, that as well as fulfilling a legal requirement, it is in developers’ interests to make sure they are looking after people’s information correctly by complying with the Data Protection Act.

To help them achieve this, we have published detailed guidance today that was developed in consultation with key figures within the industry, including academics and other regulators. The guidance explains the key requirements that developers must meet when processing personal information through an app, covering issues such as security and data retention.

The guidance highlights the benefits of taking a ‘privacy by design’ approach to app development, covering issues like privacy-friendly defaults and giving users effective control over their privacy settings.

It also explains how developers can overcome the constraints of a small screen to provide their apps’ users with concise and easy to follow privacy information. For example, developers can break down their privacy notice into sub-sections rather than creating one long ‘privacy notice’ that people are forced to scroll through. It’s also important that privacy notices actually explain to people why their information is being processed, rather than simply telling them which information will be collected.

The public are clearly concerned about the way apps are seen to be using personal information. Developers who fail to address this concern by being open and upfront about how and why they are using people’s information will be at a clear disadvantage.

Our guidance helps developers by showing what compliance with the Data Protection Act looks like. Compliance is not a bolt-on included in the final phase of a product’s development, but is an aspect of an app’s design that should be considered at the start of the process. Built in from an early stage, a ‘privacy by design’ approach to app development will set you on the right track to addressing people’s concerns and achieving commercial success.

This is why our guidance for app developers should be seen as a must read for those working in one of the UK’s fastest growing industries.

Simon Rice is the Group Manager for the Technology team, which provides technical expertise to all ICO departments in order to support the broad range of activities undertaken by the ICO.