The Privacy Commissioner has released a new resource for businesses and app developers to help them understand their legal obligations under the Privacy Act when collecting personal information through mobile apps.
Apps can gather large amounts of information about their users, but they often don’t explain clearly what information they collect and for what purpose. Over 64 percent of New Zealanders own a smartphone and, worryingly, in a recent NetSafe survey, 75 percent said there was nothing sensitive stored on their device.
While consumers may assume that established, trusted businesses will develop trustworthy apps, this is not necessarily the case. It is important that agencies, businesses and app developers know that it is unlawful to collect more information than is necessary. It is also important that consumers are informed about the permissions they agree to when they download an app.
The New Zealand Privacy Commissioner’s Need to Know or Nice to Have guidance is now available and designed to help businesses build user trust and loyalty through good privacy practices.
When apps don’t convey basic information about what the business is collecting personal information for, it’s difficult for people to feel confident that their information is being looked after.
In May, the Privacy Commissioner’s Office joined 27 overseas privacy enforcement authorities from the Global Enforcement Network (GPEN) in carrying out a survey of commonly used apps. As well as international apps, we surveyed a number of New Zealand ones.
While the overall international results are still being compiled, our results show that not enough information is being provided to users about how an app accesses and uses their personal information.
That’s why we’re making available our Need to Know or Nice to Have guidance for businesses and mobile app developers. This comprehensive app privacy resource is based on five simple concepts:
1. Make a plan and spot the risks
2. When a user makes a decision to download your app, be there with the right information
3. ‘Nice to know’ does not mean ‘need to know’
4. Invest some time working out how to make privacy clear and relevant to your users
5. Providing information in real time is as important as being up front in advance