In Australia, the Office of the Australian Information Commissioner requires smartphone app developers to embed privacy policies into their products and services. Application developers must comply with Australian Privacy Law and the Australian Privacy Principles (APPs) guidelines. As with website privacy policies, it is important to integrate good privacy protections into your day-to-day business practice, including your mobile apps.

Personal Information

Any information collected by an app must be protected. This includes IP addresses, Unique Device Identifiers (UDIDs), contact lists, location information and photographs. There are stricter obligations for private sector health service providers, businesses that sell or purchase personal information and credit reporting bodies. It is paramount that developers build privacy by design (PBD) into the way they develop apps and handle information. Complying with the Privacy Act in this way can also reduce compliance costs for business. The APPs require that you only collect the personal information that is necessary.

Privacy Policy for Apps

APP 1 requires Australian businesses to have a clearly expressed and up-to-date APP privacy policy about how they manage personal information. For smartphone apps, this includes how they handle information in and outside Australia.

App users increasingly expect transparency about how their personal information is handled. A privacy policy should tell users what your app does with their personal information, why it does it, and what their choices are. It is vital to ensure that the privacy policy is easy to access and that consent can clearly be obtained from the app user. APP 8 imposes specific obligations about sending personal information outside of Australia, and you may remain accountable for what happens to that information.

As smartphone apps generally appear on smaller screens, it is important to select the right strategy for conveying privacy policies. For example, short form notices with important points up front and links to more detailed explanations can be more helpful. Alternatively, a privacy dashboard that displays a user’s privacy settings and provides a convenient means of changing them can assist users on smaller screens.

Securing and Deleting App Data

The APPs require Australian businesses to take reasonable steps to protect any personal information they hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure. For example, a Privacy Policy should state how long it will take to delete personal information once a user stops using your app. By developing a privacy policy that clearly and simply informs users what your app is doing with their personal information, your business can be open and transparent about its privacy practices.

Conclusion

It is important to ensure your smartphone app protects data and abides by the Privacy Act 1988 (Cth). LegalVision has a team of IP and contract lawyers who can assist you with drafting a Privacy Policy for your smartphone application. Please call our office on 1300 544 755 and our Client Care team will happily provide you with an obligation-free consultation and a fixed-fee quote.

Lachlan McKnight
