Privacy by design: 6 reasons why apps must care about privacy

“Privacy by design is the name of the game” is how Sonia Carreno, President of IAB Canada opened the fireside chat on an episode of Tech That Talks where our guests discussed the importance of privacy within the mobile app ecosystem.The rapid pace of technological change and the impact of market forces and globalization are driving the digital economy. 

It is no secret that the emergence of open mobile platforms and the intersection of mobile and the web has created a dynamic ecosystem that enables individuals to create personal identities online, connect with communities of their choice, and engage with innovative applications and services, bettering the lives of many. Globally, there are 3.2 billion iOS users, along with over 2.5 billion active Android users. About 88% of time on mobile phones is spent on – you guessed it – mobile apps.

But the issue here is clear: many of the interactions mentioned above rely on the real-time access and use of personal information that is often transferred globally among applications, devices and companies. 

It is very important for companies that rely on much of their revenue model resulting from a user’s interactions with apps to have a proper privacy strategy in place. When beginning the development of a mobile application, app developers must keep privacy first in order to embed a tool – such as an InApp SDK – where the user experience isn’t impacted, but enhances the technology. This way consent choices can be collected, stored and passed on across the programmatic and adtech industries. 

This new way of data collection and usage will have an impact on all parts of a company. All teams, from legal and product to marketing and analytics, must be united around a common strategy and the steps required to realize a data privacy policy. 

Privacy shouldn’t be seen as something time consuming for a team to tackle, but rather as the future of the mobile application and advertising space. Solidify the message into company culture and technology to create a seamless user experience and better business opportunities, so that the reach of your mobile application can grow.

Glitches, bugs, or a messy user interface – there are many reasons why a user might delete an app. Don’t let the lack of a proper data privacy strategy be one of them.

The most important thing to highlight here is that large advertisers will not invest in publishers that fail to collect consent strings in compliance with the latest privacy principles. Of course, programmatic advertising is the most lucrative form of real-time data, but there must be consent behind it. 

Data privacy is becoming a more relevant topic by the day, with three movements going on:

1. Regulatory bodies are pushing for stronger legislation in the app industry.
2. Premium advertisers won’t buy inventory where consent has not been collected in a compliant manner.
3. App developers and companies are realizing that their current business model won’t function if there isn’t a privacy strategy from the start of application development.

This is where the concept of privacy by design takes the center stage. Developers must align data collection to a specific purpose for which the data is needed, and communicate that to mobile app users.  This is so that data controllers, including joint controllers, implement appropriate technical and organizational measures to ensure and to be able to demonstrate that covered processing is performed in accordance with the Regulation.  

Art. 5 GDPR, Principles relating to processing of personal data: 

(i) Lawfulness, fairness, and transparency 

(ii) Purpose limitation 

(iii) Data minimization 

(iv) Accuracy 

(v) Storage limitation 

(v) Integrity and confidentiality

(vi) Accountability (must be observed in the design and implementation of these systems) 

Privacy has already expanded beyond the European borders. Other privacy regulations, such as CCPA in California, LGPD in Brazil, POPIA in South Africa are already being enforced, and have used the European GDPR as a model.

Data privacy has become a fundamental right, with 87 percent of Americans viewing it as a human right. That’s a whole lot of trust at play. According to the IAB: “Even applications that legitimately access and use personal information may fail to meet the privacy expectation of users and undermine their confidence and trust in organisations and the wider mobile ecosystem”.

So what happens when app users do not trust that a mobile application is utilizing their data correctly? The results are clear in the latest study produced by Google and Deloitte. 41 percent of people said they would delete an app due to privacy concerns. The verdict is clear: users are asking for more transparency where greater user trust means higher lifetime value.

Data privacy liability falls on a company broadly, but can also fall on app developers specifically. This is because the GDPR references that if you played a role in determining “the purpose or means” of data processing, you are a joint responsible party (data controller) for the data processed by any third party. For example, if your app has monetization functionality, analytics, or reporting SDKs, and you do not collect consent, you as the app publisher can be held accountable for the lack of consent. So as an app developer, having clear accountability is very important.

By 2023, 65 percent of the world’s population will have its personal data covered under modern privacy regulations, up from just 10% in 2020, predicts Gartner, Inc. Although regulations are being enacted globally, the reach of your mobile application shouldn’t have to stop in your local neighborhood. Mobile app owners must ensure global privacy compliance within their mobile applications, such as when processing financial transactions, collecting email addresses at account sign up and transmitting data to other apps ( global privacy principles). The GDPR applies to mobile apps that collect and process personal data of EU citizens. It doesn’t matter if your app is operated, or your company headquartered, outside of the EU, the GDPR will still apply.

This means that if you plan to have users who are outside of the US, you must abide by further privacy legislation outside the scope of the United States, as well as relevant US privacy laws.

If you think that because your app doesn’t set cookies you don’t need to develop a privacy strategy, think again. According to one recent study by the ACM Digital Library, most apps transmit data directly to third parties, like Google, Facebook and ad exchanges, via trackers embedded in the app code. On the positive side, the vast amounts of data gathered can provide a lucrative revenue stream for apps and the digital advertising industry. On the negative side, the information collected by third party SDKs will gradually become of little to no use if the proper form of consent isn’t collected, especially as global privacy legislation becomes more stringent.

This means that all apps are required to be transparent with their users about the way their data is used, and provide the ability to grant or decline their consent. 

The lifetime value of an app’s users can be impacted by the type of data privacy strategy in place, and by the level of transparency provided to users. In the long run, a lack of trust from your users could reduce their LTV, and erode your App profitability.

A strong app data privacy strategy can provide a competitive advantage for your mobile application. This enables a smoother user experience, higher advertising revenue and encourages user trust. Ultimately ideally establishing a lasting relationship between the app developers and their users. 

DISCLAIMER:

The implementation of a data protection-compliant implementation of a Consent Management Platform is ultimately at the discretion of the respective data protection officer or legal department.

These explanations therefore do not constitute legal advice. They merely serve to support you with information about the current legal situation when implementing a Consent Management Platform solution. If you have any legal questions, you should consult a qualified attorney.