Results 1 to 1 of 1

Thread: What software developers can do

  1. #1
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default What software developers can do

    Have a privacy policy that is available from the iTunes Store before download

    Informing the user about the kind of Personally Identfiable Information that is collected, and by whom it is processed, is a necessity. An example:
    MyFirstApplication uses TrackingSoftwareName to gather pseudonymous data that will be used for statistical purposes. Go to http://url-to-information-page-of-tr...tware-company/ to get informed about the kind of data collected and how it is processed. [You can opt out of this data processing by disabling Statistics on the MyFirstApplication Settings page on your phone.]
    If the company behind the tracking software does not have a page listing collected data, you need to list it yourself.

    Examples of companies that do list information:


    Offer an in-app Terms of Service or Privacy Policy

    The even better addition to the above.

    Offer the user to opt-in/-out on first application start

    To be fair to those who do not entrust their personally identifiable information ho the third parties you use, and to avoid being classified as Tracking Software, you should offer the user a choice when first starting your application.

    (TODO : insert example picture)

    It's important that you do not misinterpret the kind of data collected; make sure data is really anonymous if you call it that way - most data is pseudonymous at most (e.g. the UDID and IP address might not be personally identifying information, but they are personally identifiable information).

    Offer a setting to enable/disable tracking on the applications Settings page

    To be fair to those who do not entrust their personally identifiable information ho the third parties you use, and to avoid being classified as Tracking Software, you should offer the user a choice at any time, e.g. by implementing a Settings page.

    (TODO : insert example picture)

    It's important that you do not misinterpret the kind of data collected; make sure data is really anonymous if you call it that way - most data is pseudonymous at most (e.g. the UDID and IP address might not be personally identifying information, but they are personally identifiable information).

    Transmit on WiFi connections only

    Users without flat data plans have to pay for traffic, where each beacon of tracking software could be another instance of billing. If you fail to inform the user properly about this, the European Union makes it clear in Directive 95/46/EC that you have to cover the costs:

    (55) Whereas, if the controller fails to respect the rights of data subjects, national legislation must provide for a judicial remedy; whereas any damage which a person may suffer as a result of unlawful processing must be compensated for by the controller
    Do not collect geo-location data

    Geo-location plus birthdate could be regarded as another piece of Personally Identifiable Information, see Wikipedia:
    Moreover, sometimes multiple pieces of information, none sufficient by itself to uniquely identify an individual, may uniquely identify a person when combined; this is one reason that multiple pieces of evidence are usually presented at criminal trials. It has been shown that, in 1990, 87% of the population of the United States could be uniquely identified by gender, ZIP code, and full date of birth.
    Last edited by PepiMK; 2010-05-18 at 10:57.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •