- Professional News
- 16 May 2013
The Data Protection Act applies to apps
A great many companies are unaware of their obligation to comply with the Danish Data Protection Act and the EU Cookie Directive when handling the vast amounts of personal data generated through users’ download and use of apps.
A growing number of companies develop apps for smartphones and tablets, and consumers enthusiastically welcome the small digital helpers. However, many companies are not aware of the fact that the provisions of the Danish Data Protection Act also govern the development of apps and the handling of personal data generated through consumers’ download and use of apps.
Users must be informed
The user must be informed before the app begins to gather personal data. This includes information about the various parties involved in the handling of the user’s personal data, as well as information about third party usage. Moreover, the purpose for which the personal data is gathered must be stated clearly and in a language that non-specialists will readily comprehend.
All parties are liable
Many parties are involved in the handling of the personal data that is gathered and stored on the user’s smart device. These include app developers and third parties such as communications and analysis companies. According to the Data Protection Act, all parties are considered to be individually liable. Nonetheless, the constellation of many parties being involved, and a general unfamiliarity with the contents of the Data Protection Act, increases the risk of unintended infringements.
According to the Cookie Directive, users should also give their informed consent to cookies being stored on their smart device. Information should be adequate and enable the user to make a qualified decision. It is not considered to be an informed consent if the user only activates an install button or accepts standard terms and conditions. It should be clearly stated which pieces of personal data and data categories the app gathers and process further.
The permitted data storage period depends on the app’s purpose. For instance, in the case of a photo app it is allowable to leave it up to the user to decide on the storage period, whereas for a navigation app the app should be programmed to only store the ten most recently visited locations. As a principal rule, data should be stored for only as long as it is required for the app to serve its purpose.