A worldwide sweep of over 1200 mobile apps, along with ongoing privacy concerns, has prompted the Office of the Australian Information Commissioner (OAIC) to develop ‘Mobile privacy: a better practice guide for mobile app developers’.
The Global Privacy Enforcement Network (GPEN) Privacy Sweep, conducted in May 2014 by 26 privacy enforcement authorities around the world including the OAIC, examined 53 popular free iOS apps, with a focus on apps produced by or on behalf of Australian businesses and Australian Government agencies.
The sweep found that as mobile apps increase in popularity, many of them are seeking access to large amounts of personal information without adequately explaining how that information is being used.
Over 67% of Australian apps were found to have offered little information about why the data was being collected or how it would be used prior to download. The sweep also found that 11.3% of Australian apps requested access to information that exceeded their functionality, raising alarms as to the nature of the information being sought.
The OAIC also found that almost 25% of the apps examined did not appear to have privacy communications tailored for a small screen, relying instead on lengthy and complex privacy policies that required users to scroll through multiple pages.
In response, the OAIC has created guidelines encouraging developers to use short-form notices for privacy policies that are no longer than a single screen. In addition, the OAIC advocates that developers draw users’ attention to any collection, use or disclosure of information that they would not otherwise reasonably expect.
“I would encourage mobile app developers to put their users’ privacy first when designing apps by incorporating a ‘privacy by design’ approach,” Pilgrim said.