The topic of digital privacy is often discussed in developer circles. To the general public, it may remain less relevant until a high-profile security breach happens, and they begin to wonder about all the companies and apps that have access to their personal information.
In this post, we’ll talk about privacy policies in mobile applications, why they matter, and how to craft one that ensures the rights of the app’s users are upheld to the fullest.
Even if you don’t collect personal data directly, you may be using a third-party tool (like Google Analytics, for example) that is collecting data, and you’ll need to disclose that.
You need to understand what personal data actually is so that you know how you collect it, how you store it, and what kinds of security measures you need to have in place to protect it.
Do Different Countries Require Different Privacy Policies?
The US does not have a federal or national law governing the use of privacy policies and data protection. But there is the California Online Privacy Protection Act, which defines how you must treat the privacy of the residents of that state.
Canada, Japan, and Australia all have their own versions of this kind of law, and the EU adopted the GDPR in 2018, so there are plenty of different laws and regulations you need to consider.
Luckily, they are all essentially similar. In a nutshell, they all demand that you protect the personal information of your users and that you delete said information when a user demands it.
Is There a Difference Between iOS and Android Privacy Policies?
Both of these mobile stores have their own guidelines that you need to adhere to in order to be able to feature your product.
Google Play also has a Developer Distribution Agreement that you need to uphold. Lastly, Google’s Developer Policy Center has a section on policy and security that you should read before you launch your app.
What personal data do you collect?
How do you collect this personal data?
How can users request more data about the information you have on file about them?
What are you going to use this personal data for?
What third parties do you allow to collect personal information?
The answers to these questions need to be written as clearly as possible, and even a layman should be able to understand them. You don’t want to muddy the water with vague or complex sentences. Keep it simple, to the point, and above all else, accurate.
You also need to understand what your cookies are doing and how they relate to the privacy of your users. Make a detailed list of all of them, and explain what they are for and how to opt out of them.