Published On: 19 April 2016
In a blog post on 11 March 2016, the ICO's Group Manager for Technology, Simon Rice, considers how apps are used and provides a reminder to app developers that privacy should be appropriately considered. As Rice points out, apps are big business. Users expect to be able to interact with organisations on smartphones and tablets through an app. However, the fact that apps are intended to be convenient, quick ways to access a service does not mean that legal requirements can be dispensed with.
In 2015, the ICO carried out a review of 21 popular apps and found some areas of concern, in particular the encryption of connections used to transmit personal data. Three apps were found to use unencrypted connections in the transmission of personal data. Three apps which were using encryption methods (HTTPS connections) were not appropriately checking digital certificates, risking an attacker impersonating a server and personal data therefore being transmitted to the wrong server.
Other areas of concern include:
ICO guidance for app developers – a reminder
In 2013 the ICO produced guidance for app developers. The guidance has not been updated since its first publication. Whether this 'sweep' will prompt an update to the guidance remains to be seen. However, Rice does recommend that app developers take the opportunity to read the guidance.
In light of this recommendation, we have set out the seven key questions from the guidance to ask yourself when developing an app. Much of this should not be new. The rules are the same regardless of the medium for processing data. Remember also that organisations should be considering these questions before an app is developed and taking a 'privacy by design' approach.
1. Will your app deal with personal data?
Make sure you properly consider whether personal data will be processed using your app. Remember that personal data may not be as obvious as a name. Device identifiers such as IMEI numbers will constitute personal data.
2. Who is the data controller?
Once you have established that your app will be processing personal data you need to consider who is the data controller of that personal data. Who determines the manner and the purpose for processing?
3. What data will you collect?
Make sure only the minimum data necessary is collected and that it is only kept for as long as it is required for the specified purposes. Consider whether less privacy-intrusive data might be collected. For example, if photos are collected, strip out unnecessary metadata such as the date of creation of the image or the location.
4. How will you inform users?
5. How will you give your users feedback and control?
Avoid taking an 'all or nothing' approach. Allow users to take control of their settings, including by allowing them to change their choices once the app is in use. If your app uses data in an unexpected way, clearly alert the user to this processing and provide an easy way to stop it.
6. How will you keep the data secure?
Ensure data is encrypted where appropriate. This is especially important given the ICO's findings following its review of mobile apps. Usernames, passwords and other particularly sensitive information should always be transmitted using encrypted connections. Consider vulnerabilities that are more relevant to apps, such as inter-app injection flaws. The guidance also specifically mentions that SSL and TLS connections should be checked to ensure that a connection is secure.
7. How will you test and maintain your app?
Review your app privacy policies to ensure they comply with the guidance. Rice also mentioned that the ICO has started a second investigation into finance and wellbeing apps. If you work in this field, make sure your house is in order so that, if the ICO comes knocking, you will be well armed to respond to criticisms.