Why Your Mobile App Needs a Privacy Policy

Have you developed or do you own a Mobile App? Does the App collect personal data such as email addresses, identification numbers, or banking information from users? If so, then it’s imperative that you have a Privacy Policy.

Privacy Policy Definition

A privacy policy is a legal statement or document that declares a firm, website, or an app’s policy on the gathering and use of its user’s personal information. In particular, it outlines how site operators will collect, store, protect, and utilise personal data provided by users. Personal data includes all and any information relating to an individual. Some examples include names, physical, email, and online addresses, debit and credit card information, telephone numbers, identification information, etc.

In the context of mobile apps, personal data extends to other categories of information that must be given due attention. For instance, a user’s mobile device may be equipped with capabilities to not only identify but also track his geographical location/movements. Your app should not access such data without a user’s consent. Other relevant categories include phone or email contact/address books, IP addresses, photographs, audio-visual recordings, etc.

Reasons Your App Needs a Privacy Policy

1. Legal Compliance

The Kenya Data Protection Act does not specifically provide that online site operators or mobile apps should have privacy policies. However, it outlines in great detail the legal obligations that a data collector or processor within Kenya must adhere to in relation to the collection and processing of personal data. The nature of mobile apps or online sites is that they can be accessed from any part of the world. This means that in addition to the Kenyan privacy laws, your app should adhere to privacy expectations in other jurisdictions. The US and EU have some of the most robust legislation relating to Data Protection. These two jurisdictions require mobile apps that collect personal data to have readily accessible privacy policies.

The bottom line is that as an app owner, you need to demonstrate to the legal authorities your basis for the collection and use any personal data stored in your site. Failure to do so could lead to the imposition of heavy financial penalties.

2. Adherence to Third Party Distributor Policies

Third-party Operating systems such as Google’s Android and Apple’s IOS require Privacy Policies whether or not the app collects personal data. In both cases, Google and Apple place the onus on the app developer/owner to show that the app adequately safeguards personal data. For example, under Apple Developer Guidelines, all apps must include a link to their privacy policy in the app. These guidelines also set out minimum requirements on the contents of the privacy policy. Similarly, if your app uses Google Analytics you must post a Privacy Policy. The Privacy Policy must provide notice of Your use of cookies or any similar technology used to collect data. Apart from IOS and Andriod requirements, there are other third-party operators that may mandate users to have Privacy Policies. For example, commercial use of social media sites such as Facebook, Twitter, eBay and the likes.

3. To Boost User Confidence

Notably, the market for privacy-friendly apps and products is on the rise. Consumers are keen to understand privacy settings on their apps and the way in which their personal data is used. One of the drivers of this consciousness is rise in data breach scandals such as the Cambridge Analytica one. Having a detailed Privacy Policy and processes gives your users confidence that their personal information is secure in your hands. Additionally, the policy portrays you/your organisation as transparent and trustworthy. Apart from this, if your firm/app is penalised for data breaches, consumers may shy away from your product.

Conclusion

Mobile apps mine vast quantities of personal and personal sensitive data stored in a user’s mobile device. I will sum this up with this observation from IAPP: “Privacy pros must balance their companies’ business needs against consumer privacy concerns and compliance obligations. “


Disclaimer! Venturelawkenya contains only general information about legal matters. It is not legal advice and should not be treated as such. You must not rely on the information on this website as an alternative to legal advice from your lawyer/advocate or other professional legal services provider. If you have specific questions about any legal matter you should consult with your advocate or any other suitable professional legal service provider.


Disclaimer: The information on this blog is available for informational purposes only and is not considered legal advice on any subject matter. By viewing blog posts, the reader understands there is no advocate-client relationship between the reader and the blog publisher. The blog should not be used as a substitute for legal advice from a licensed professional advocate, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation. The information on the blog may be changed without notice and is not guaranteed to be complete, correct or up-to-date. While the blog is revised on a regular basis, it may not reflect the most current legal developments.

Tags: