The short answer
Absolutely! If you are collecting personal information in a mobile app (and nearly all of them do) you should have a privacy policy in place. This will allow you to meet Australian privacy law requirements and give your users confidence in your mobile app.
Do I legally have to have a Privacy Policy?
You are legally required to have a privacy policy if:
- your business's turnover is over $3m; or
- your business provides health services and holds health information about individuals; or
- your business is in the business of selling personal information that you have collected, e.g. your business collects names and email addresses and then sells those details to another company so that other company can market to the individuals.
So let’s go into a little more detail. There are Australian Privacy Principles that sit within the Privacy Act. They stipulate how personal information can be collected, stored and shared.
Australian Privacy Principle entities are organisations that have to abide by the Australian Privacy Principles (i.e. comply with the Privacy Act). There are several types of Australian Privacy Principle entities, such as businesses with an annual turnover of more than $3 million, businesses that provide health services and hold health information and all businesses that sell personal information collected through their mobile app to advertisers.
However, even if your business is not an Australian Privacy Principle entity (and therefore does not legally require a privacy policy), it makes good business sense to have strong privacy protections in place. Mobile App users are increasingly aware and concerned about the use of their personal information. Additionally, the most commonly used application download platforms (Google Play store, Apple App Store etc.) require mobile app developers to have a privacy policy.
What is personal information?
For information to be personal, it needs to be information or an opinion about an identifiable individual. Examples of personal information that is commonly collected and used by mobile apps include:
- Name and email address
- Photographs
- Internet Protocol (IP) addresses
- Unique Device Identifiers (UDIDs)
- Contact lists
- Social media account information
- Voice print and facial recognition biometrics
- Geographical location information
What needs to be in the privacy policy?
Your mobile app privacy policy should be easily accessible through your app and written in plain language that users will understand. Some of the terms that you should include are:
- What personal information will be collected
- How the personal information will be collected and stored
- How the personal information will be used by your business and any third party advertisers
- Whether the personal information will be disclosed in Australia or overseas, including to government organisations
- How users can access the personal information that has been collected by the app
- How users can have their personal information corrected if it is incorrect
- How users can make complaints or contact the company to discuss the privacy policy
How should I notify App users of my privacy policy?
Mobile App users should be made aware of and agree to your privacy policy before they start using the mobile app. Most apps have a tick box asking users to indicate that they have read and agree to the terms and conditions and privacy policy before they can download the app.
There are different ways you can ensure that users read and consider your policy before agreeing to it. For example, you can have the key points of your policy pop up on a screen with a link to the whole policy. You can use infographics to help users understand your policy. You also might consider having different settings on your app that allow users to tailor the amount and type of personal information that the app accesses.
Key Tip
If you have a privacy policy then you need to act consistently with it; otherwise your business could be found to be engaging in misleading and deceptive conduct under s18 of the Australian Consumer Law.