By Alec Christie
In recent years mobile devices such as internet-connected smartphones and tablet computers (mobile devices) have found a place in the everyday lives of most people. The prevalence of mobile devices is highlighted by a study by the research firm Gartner, which has forecast that by 2013 mobile devices will (a) overtake PCs as the dominant way we access the web and (b) reach over 1.82 billion units. Mobile devices are often on and tethered to their user, transmitting rich data to the sellers, analytic services and/or advertisers of applications (apps), exposing users to a wide variety of potential invasions of privacy. Compliance with existing privacy law and/or the need for new privacy protections is an area currently being investigated in the EU.
The rapid growth in popularity of mobile devices has been harnessed by businesses as a fast and effective method for reaching customers. Many businesses have invested in the development of leading-edge interactive apps and internet sites for mobile devices which provide customised and interactive services based on the information they collect from users. In fact, an estimated 98 billion apps will be downloaded by 2015 and the current US$6.8 billion market for apps is expected to grow to US$25 billion within four years.
In many cases, businesses have policies and procedures in place to ensure compliance with their obligations under the Privacy Act for their online (ie website) presence. However, the pressure to quickly deploy apps and mobile sites into the market has meant that, in practice, businesses are not complying with (or, where required, extending to the mobile device environment) these policies.
- Implement a means for app users to report to the platform apps that do not comply with applicable terms of service and/or laws.
- Implement a process for responding to reported instances of non-compliance.
- Continually work with the AG to develop best practice for mobile device privacy in general and develop model mobile device privacy policies in particular.
Although the California Principles and letters of warning issued by the AG formally only apply to apps made available in California, they could set a benchmark for privacy practices across many countries (including Australia), given that most apps, regardless of the country in which they are developed, are likely to be made available in the US. Therefore, in addition to complying with relevant Australian privacy laws, we urge Australian businesses to follow best practice by voluntarily adopting the California Principles and using these as a framework for building privacy into the design of their mobile sites and apps (ie ‘privacy by design’).
What action should Australian businesses take now?
Given the increased focus on privacy in the mobile devices environment internationally, we recommend that Australian businesses review and update their privacy policies and processes to ensure that they adequately cover personal information collected through mobile device apps and mobile sites.
To avoid potential liability, Australian businesses should:
- Ensure their app and mobile site developers are aware of the legal obligations to protect privacy
- Provide a summary of the mandatory information to be provided to users under Australian privacy law at points where personal information is collected
Please do not hesitate to contact us if we can assist with the review/audit of your current privacy practices and policies relating to your mobile sites and apps.