Data Privacy for App Developers
Much has been made of the HSE’s recently released COVID-19 tracker and symptom checker app. Privacy professionals have been vocal in ensuring that the government builds in transparency and privacy protections at the development phase to promote public confidence that their data are being used and stored correctly. This in turn will facilitate greater uptake within the community which, given the purpose and scope of the project, is essential to the project’s success. At the time of writing just under 2 million downloads have been registered in Ireland.
What can businesses take from this?
The success of the COVID-19 app clearly demonstrates that building in strong, accountable and traceable privacy safeguards is desirable and necessary for the success of any app. Once your targeted audience is satisfied that their data are safe, accurate, used only for the purposes for which they are collected and not disclosed to unknown or unwanted third parties, the trust generated routinely results in higher download figures.
Privacy by Design
Every business and sector is different and every data flow is distinct. One way to secure this flow is to avoid patching after release and to instead build controls in at the design stage. A developer is assisted by being proactive, by embedding privacy controls into systems at the outset and by developing a respect for users. Without user trust, technologies can’t move forward.
It is also important to stay abreast of new technologies to ensure that system, product and application updates are reviewed and that new or different privacy controls are implemented.
A good place to start is to assess the data flow and understand where the personal data resides and how it is used. An inventory of personal data accumulated through the use of the app should be created and reviewed before incident and risk assessments can be prepared. Depending on the type of data being collected and the nature of the processing, a decision can then be made whether to undertake an assessment which will measure compliance within industry norms or to undertake a privacy impact assessment based on GDPR minimum requirements. Indeed, depending on the type and nature of the processing, a full Data Protection Impact Assessment may be mandatory.
Being serious about a user’s personal data and marketing oneself as a leader in data protection will bring clear financial benefit to app developers. By being transparent and accountable within a risk-based approach and by adopting robust and flexible policies and practices a developer will identify problems early and reduce cost.
If you have any data protection or privacy matters, or have been affected by any of the issues discussed above, contact David Whelan at [email protected]