I've been in similar situations in the past and my first reaction is to ask why. Often someone will have an idea without considering the security, privacy or other ethical considerations, and on closer examination will adapt or drop their proposal
If that's not enough, refuse to do it unless there's protection in writing - a clear change to the privacy policy, very clear opt in within the app. If you don't get that, don't write it because those decisions aren't yours to make.
Disclaimer: I live in the EU so I do have legal obligations under the GDPR which make the easier for me. The quickest way to shut down a conversation is to ask "is this GDPR compliant?". Outside the EU, it's worth reminding your employer what Apple did when they found policy violations in apps from Facebook and Google and killed their certs, stopping all their apps from working.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I've been in similar situations in the past and my first reaction is to ask why. Often someone will have an idea without considering the security, privacy or other ethical considerations, and on closer examination will adapt or drop their proposal
If that's not enough, refuse to do it unless there's protection in writing - a clear change to the privacy policy, very clear opt in within the app. If you don't get that, don't write it because those decisions aren't yours to make.
Disclaimer: I live in the EU so I do have legal obligations under the GDPR which make the easier for me. The quickest way to shut down a conversation is to ask "is this GDPR compliant?". Outside the EU, it's worth reminding your employer what Apple did when they found policy violations in apps from Facebook and Google and killed their certs, stopping all their apps from working.