Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

UK businesses have not thought enough about privacy policies for apps

Margi Murphy | Feb. 9, 2015
Wearable apps for customers could create a new set of data protection issues.

Firms that are creating innovative new apps or websites to personalise the customer experience need to work closely with the legal team to ensure they are not straying from the data protection act, an expert at law firm Kemp Little warned yesterday.

Companies that use data through an app or web browser must make sure the user has accepted, and understands how their information will be used. This is usually managed through a data privacy policy - a box that user ticks when they install an app on their phone.

But last week one of the largest tech firms in the world, Google, was investigated by The Information Commissioner's Office (ICO), which deemed Google's privacy policy unsatisfactory. Following this, the search giant promised to improve the information it provides to people about how it collects personal data in the U.K.

Further, Facebook has been criticised for signing all its users up to a new privacy policy that tracks user's online activity outside of the site and allows it to pass that information on to third parties.

Firms that are creating new apps could be in danger of flouting the data protection laws, as across the UK, "businesses have not thought sufficiently enough about their privacy policy," Nicola Fulford, a legal consultant from Kemp Little warned.

Fulford listed instances where firms had simply "copy pasted" privacy policy terms and conditions from other firms and simply "stuck their name on the top", as it was clear the terms were not relevant to their brand, or even their industry.

A communication gap between marketing or IT and the legal team meant that a firm's privacy terms may not support what information software is collecting, Fulford added.

Google may be an "extreme case" according to Fulford, but as businesses learn more about their customers and begin to open public APIs, the development team will need to work closer with the legal team to ensure that it is on the right side of the law after every release.

Firms are waiting on the refresh of the data protection laws that have been promised by EU commisioners for the end of this year. However, a recent survey found that the responsibility of translating regulations into business terms will be left to IT professionals.

 

Sign up for CIO Asia eNewsletters.