Do we have to deal with personal data in our activity? What does this involve? These are legitimate questions for a mobile applications developer, since collecting these data has become an inherent phenomenon of the digital world and a more and more controversial topic along with the evolution of mobile applications, due to the various situations that can arise. Moreover, the subject is of a greater interest since, in the future, a tightening of sanctions is foreshadowed for non-compliance with the legislation of the personal data.
Therefore, no matter whether he is interested in a good reputation in front of the user who is more and more frightened by the perspective of having his personal life invaded, or whether he wants to protect himself against the contingent legal sanctions, the developer has to observe the laws in force. They are quite numerous and thick, and this article does not aim to present them all in detail. Instead, starting from the hypothesis below, we wish to present a few ground rules that are easy to keep in mind, which you can take into consideration in order to minimize the possible risks.
A. is a company from Romania and it has just finished the process of development of a mobile application. It is an application created according to the internal specifications of A., with the intention of being commercially exploited under the company"s own brand, not an application that was ordered by an external client.
Before uploading the application on the relevant online platforms (Magazine Play, App Store, etc.) so as to make it available to the users, A. finds out that it should take one more aspect into consideration: through the application, certain data regarding the users will be collected on its server and, sometimes, transferred to the partners abroad. But the company does not know whether they represent personal data nor if they imply complying with some legal laws.
According to the European Directive ePrivacy (directive translated also in the Romanian legislation), any electronic terminal equipment (phones, tablets, laptops, etc.) and any information stored on them are part of the private area of the user and are protected according to the European Convention for the Protection of Human Rights and Fundamental Freedoms.
This information can be considered private no matter whether it regards a natural person that is identified (for instance, by name) or identifiable (one that can be identified directly or indirectly). They may be connected to the owner of the electronic device or to any other natural person (for instance, the contact data of one"s friends, from the phone contact list).
Here are a few examples: location data, geolocation, name of the user, contacts from the phone book, e-mail, pictures and videos, date of birth, identifiers such as Unique Device Identifier (IMEI number, etc.), phone number, the registry of calls, messages or searches on the Internet, information regarding payments made on-line, biometrical data such as facial recognition, etc.
Sometimes it is possible that among the collected data there is some of apartness - the sensitive personal data, such as: the sexual preferences of the users, their racial/ ethnical origin or political affiliation, etc. They require special carefulness (especially if they are collected in order to be used in the behavioral targeted advertising, analytics, etc.).
As developers, it is for your convenience to implement proper privacy policies for the mobile applications you create and release on the market. Privacy by Design is a more and more popular concept and it can offer a technical solution to a legal problem. More and more, the applications which take the personal data protection seriously gain the trust of their users, succeeding in making a difference through transparency.
Claudia Jelea is a lawyer specialized in issues involving the online environment, electronic trade and IT&C, brands, copyright and personal data privacy. She is a member of Bucharest Bar and of the Patent Chamber (brands).
Catalin Constantinescu is a student in the fourth year in the Faculty of Law, Bucharest University and he is interested in the interference between law and IT.
by Ovidiu Mățan
by Rareș Rusu
by Denes Botond
by Radu Murzea
by Roland Szabo
by Mihai Buhai
by Monica Soare
by Diana Ciorba