Privacy Policies

CS 4720 - Mobile Application Development

​

​

​

​

CS 4720

Creating a Privacy Policy

• A privacy policy is a document created to go with a product (app, website, etc.) that describes how the product and company behind it will do the following with a customer or client’s data:
• Gather
• Use
• Disclose
• Manage

CS 4720

Creating a Privacy Policy

• Ask yourself some questions:
• What data is collected?
• How it is collected?
• What you will/can do with it?
• What will happen to it after X amount of time?
• Is it anonymous?
• Are there ads?
• Is the data shared with another organization?
• … and more…

CS 4720

You need a privacy policy because...

• You are collecting personal data
• You are using a third-party service
• Government regulations
• App Store regulations
• Risk alienating customers
• Open to lawsuits
• From http://www.iubenda.com/en/mobile

CS 4720

What’s in a policy?

• Information - what personal information is being collected on the site
• Choice - what options the customer has about how/whether her data is collected and used
• Access - how a customer can see what data has been collected and change/correct it if necessary

CS 4720

What’s in a policy?

• Security - state how any data that is collected is stored/protected
• Redress - what customer can do if privacy policy is not met
• Updates - how policy changes will be communicated

From Better Business Bureau

CS 4720

Example Policies

• Google: https://www.google.com/policies/privacy/
• Apple: http://www.apple.com/legal/privacy/en-ww/
• Facebook: https://www.facebook.com/policy.php
• Twitter: https://twitter.com/privacy?lang=en

CS 4720

Example Policies

• Note that these are mainly in “regular, plain English!”
• Movement away from “legalese”
• Some privacy policies were automatically processed

CS 4720

Find a Policy

• Go find a privacy policy for us to discuss! Does it do everything we have laid out?
• Information
• Choice
• Access
• Security
• Redress
• Updates

CS 4720

What does a privacy policy get you?

• Disclosure of what’s going on
• A level of trust with developer
• Meeting requirements from publishers / government agencies
• Google Analytics Requirements: https://support.google.com/analytics/answer/2700409?hl=en

CS 4720

Beyond Policies

• Writing down what you do is good…
• … following it is even better
• Remember: privacy is not security
• The privacy policy says what you are collecting and what you plan to do
• And absence of this does not mean you shouldn’t protect data you collect!

CS 4720