Developer’s Guide on Personal Data Protection
It is no secret anymore that almost every Android or iOS app collects your personal data and shares it with third-party companies for various marketing and advertising purposes. After the Cambridge Analytica and Facebook scandal, more and more people are becoming concerned about how their personal data is protected in the apps they use.
How does this happen and why?
Sharing some information about yourself and granting app permissions is often necessary for an app to work properly. For example, a camera app cannot run successfully if you do not first give it access to the camera itself. What matters is knowing exactly which information you share and for what purposes. Mobile apps can not only locate you via GPS or your Facebook check-ins, but they can also read your messages, read your contacts and learn practically anything about you. That is hardly surprising, given how much our smartphones know about us.
Today, we cannot imagine our lives without the many things the Internet offers us. We can use several devices, and even different operating systems, with one and the same account. But everything stored in our browser history, search history, cookies and bookmarks, practically everything we have interacted with, brings disadvantages as well as advantages. We all know that if you search for something as simple as a banana pie recipe, you should be ready to receive dozens of "best recipe in the world" ads the next day. That is mainly because we tend to use one account across all our apps and devices.
The same thing happens with our mobile apps: they collect user data of every kind so that they can use it later for their own purposes. It is far from a single case that users' personal data has been transmitted to third-party companies and later abused for marketing or even political purposes. That was exactly the case in the Cambridge Analytica and Facebook scandal.
A new law regulating Personal Data Protection
May 2018 brought us the General Data Protection Regulation (GDPR), issued by the European Union. Under this regulation, every app supplier, or any other individual responsible for an app, must make people aware of what kind of personal information is being collected and stored. Furthermore, users must be able to control explicitly what information they share and must be able to refuse to give any personal data at all. That is especially important for the so-called sensitive data (race, religion, sexual orientation, etc.).
What does GDPR mean?
In a broad sense, the fundamental regulations provided by the EU are the following:
- purpose restriction
- data minimization
- data accuracy
- storage limitation
All in all, this new law means that:
- users' data has to be collected in a transparent and lawful way (users must be adequately informed about the methods and measures used for data collection);
- the purpose of data collection must match the purpose the company has declared;
- the volume of data collected must not exceed what the declared purpose requires;
- inaccurate data must be corrected or deleted at the user's request;
- personal information must be stored for no longer than the purpose requires;
- companies must keep their users' personal data confidential (no sharing with third-party companies).
Violating the GDPR can result in a fine of up to 20 million euros.
Does GDPR serve for anything good?
Yes, it does. The GDPR is one of the most important documents for building trust in services, and it puts the relationship between the consumer and the developer on a legally regulated footing. Data has become a kind of currency in the world of IT and business, so handling it properly and lawfully can only benefit your IT products.
What should app developers do?
Though the GDPR is aimed at the countries of the European Union, it is much easier to comply with its requirements everywhere. Even if your organization is located in a country outside the European Union, you still have to adopt these rules if you are targeting the EU, especially if your services are available in European languages or can be paid for in any European currency.