Commissioners release guide for 'privacy-friendly' smartphone apps

VANCOUVER – Several Canadian privacy watchdogs have created a set of guidelines to help mobile developers create “privacy-friendly” smartphone apps.

And they warn that failing to be transparent about any information collected could see developers running afoul of both the law and their potential customers.

Federal privacy commissioner Jennifer Stoddart joined her counterparts in British Columbia and Alberta in releasing a 12-page document that explains how Canada’s privacy laws apply to mobile app developers — whether they’re based in this country or farther afield.

Stoddart says it’s been a challenge to ensure everyone in the growing mobile app industry knows that the rules apply to them.

“We were concerned that apps often seem to have nothing to do with Canadian law on the use of personal information,” Stoddart says in an interview.

“Sometimes they’re not aware. Sometimes I get the impression they don’t care and they’re not going out of their way to find out. And sometimes it’s a catch-me-if-you-can attitude.”

Stoddart says any developer that sells an app to Canadians must comply with the same privacy legislation as any other business.

That, according to the guide, means developers are responsible for ensuring any information they collect from users is relevant to their product and is securely stored. Users must be fully informed and must consent to the type of information that will be collected and what will be done with it.

The guide offers tips to ensure developers are thinking about privacy from the planning stages of an app.

It urges developers to create a detailed privacy policy and ensure any other companies they work with are following the same rules. Users should know what will happen to their data before they download and use an app, the guide says, and developers should consider building privacy notifications into the look and feel of an app, such as through graphics and sounds.

And it’s not just privacy commissioners that will be watching to ensure app developers comply, says Stoddart. Consumers are becoming increasingly concerned with how their personal data is used online, and users who feel their privacy is violated can quickly become a thorn in developers’ sides.

“Because of the hugely networked online world, bad news travels fast, and there’s always the privacy-conscious people out there who can spread the word if they don’t think (an app) is respectful of their privacy,” says Stoddart.

“In spite of urban myths to the contrary, they don’t want to give away demographic information or where their location is to get apps for free.”

Federal and provincial privacy commissioners have the power to enforce privacy laws. They can launch investigations and order companies to shape up. If they don’t comply, the commissioners can then ask the courts to step in.

Stoddart says she has several investigations into mobile app developers underway, but adds she can’t talk about any in detail until they’re finished.

Three years ago, Stoddart released the results of an investigation into Facebook and ordered the American social networking giant to make changes. Facebook responded by tightening its privacy policies.

Elizabeth Denham, British Columbia’s privacy commissioner, says it becomes more difficult to enforce Canadian laws if an app developer is located in the United States, which has far less restrictive privacy laws.

“The difficulty is enforcing those laws and having the long arm across the border,” says Denham.

“The first step in enforcing the law is to let application developers know what their obligations are when operating in Canada.”

The privacy commissioners held meetings with app developers earlier this year before drafting the privacy guidelines. Devin Tuinstra of FloatPoint Media, an app development firm based in Dundas, Ont., was at one of those meetings.

“On one hand, the user is demanding an augmented reality experience and a catered experience to their surroundings — while at the same time they don’t want to give up their private information,” says Tuinstra.

“We battle with this throughout.”

Tuinstra says it’s relatively easy to comply with privacy laws once a developer knows what’s in them. He acknowledges it’s a challenge ensuring apps respect different jurisdictions’ privacy laws — a problem his company addresses by determining where a user is located and then handling data differently depending on that location.

Still, Tuinstra says consumers benefit when their mobile or online services can use their information to personally tailor content.

“It really just adds to the experience,” he says.

“To be able to walk into a mall and instantly on my phone have a whole list of coupons for that mall for the products I love to buy, that’s a value, in my opinion.”