On October 24, 2012, the Privacy Commissioners of Canada, Alberta and British Columbia issued a joint guidance document on mobile applications, titled Seizing Opportunity: Good Privacy Practices for Developing Mobile Apps. The guidance conveniently summarizes general private sector privacy principles under the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Personal Information Protection Acts of Alberta and British Columbia in one document, with specific application to the development of mobile applications (Apps).
The Privacy Commissioners provide tips on making consent more meaningful in the mobile App environment. Suggestions include:
- Layering Information. The first layer of privacy disclosure could be icons, labels and images that lead to more detail through hyperlinks.
- Privacy Dashboards. Provide tools to display privacy settings in a way that encourages user action and also explains the consequence of making a choice.
- Colour and sound. Scale colour and sound and their intensity to the importance of the decision or sensitivity of the information.
The Privacy Commissioners also provide specific guidance with respect to the collection and use of certain types of personal information. For example:
- Sound, Location and Movement. Collection of sound and data from the device’s location and movement sensors requires informed consent and must be directly related to the functionality of the App.
- Cameras. Activation of the device camera requires specific permission of the user.
- Device Identifiers. Apps should be designed in a way that that do not require collection of unique device identifiers unless that is “essential” to the functioning of the App.
- Third parties. Information about third parties (e.g. from a contact list) should not be collected without consent. The Privacy Commissioners do not specify whose consent.
The Privacy Commissioners also state that data should not be associated across Apps unless it is “necessary” to do so and “obvious” to the user.
In addition to this latest guidance, Apps developers may wish to consult The Roadmap for Privacy by Design in Mobile Communications: A Practical Tool for Developers, Service Providers and Users, which was co-authored by the Information and Privacy Commissioner of Ontario and the Arizona State University Privacy by Design Research Lab and published in December 2010.